
Forum Moderators: Ocean10000 & phranque

Any downside?

     
2:10 am on Jun 9, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10563
votes: 1122


I have a vanity website (not commercial, no ads) that has been on line over 23 years. Will not give it up, a vanity kind of thing, but in recent months has been attacked by bad actors from countries known for meddling, etc. and ... Have a mess of malformed inbound requests playing havoc in my logs.

Is there any downside in forcing 403?

For example, I do not use php, so

SetEnvIf Request_URI "\.php" ban

In recent weeks have added com net org it jp$ ru cn asp ua sa live life info etc

Bad bots have always been addressed in

SetEnvIfNoCase Referer "something" ban

Unfortunately the number of those has increased by double! (I have a robots.txt and those that play nice are not included in the ban). That said, robots.txt is always passed...

The Deny from list (by ip) is becoming increasingly more significant as these are country specific---the most egregious (as in covering my content by theft). I have taken to using:

xxx
and
xxx.xxx or (if there's no big change)
xxx.xxx.xxx

Realize I am stuck in the stone age as regards IPv6 ... but my logs, so far, are only returning IPv4...

This last part of my question is where I am a stranger. I have yet to wrap this aging brain around CIDR ranges, etc. or where I might find country specific range lists that I can "cut and paste". MEANWHILE, I am educating myself the HARD WAY (looking up IP addresses) and hope to get there dang quick.

Just checking to see if I am headed off track in dealing with this problem.

Any advice (or raspberries for being clueless) is welcome.
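
Added example, not part of the original post: a short Python sketch of how the partial-IP deny forms above (one, two or three leading octets) correspond to CIDR blocks, and of what the `\.php` URI rule and those IP rules would do with access-log lines. The deny entries, log lines and function names are constructed for illustration, and it assumes the "xxx" entries are Apache partial-IP `Deny from` values.

```python
import ipaddress
import re

def partial_to_cidr(partial):
    """Turn a partial-IP entry ("203", "198.51", "192.0.2") into a CIDR block."""
    octets = partial.rstrip(".").split(".")
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted IPv4 prefix: {partial!r}")
    padded = octets + ["0"] * (4 - len(octets))
    # Each octet supplied fixes 8 bits, so 1/2/3 octets = /8, /16, /24.
    return ipaddress.ip_network(".".join(padded) + f"/{8 * len(octets)}")

# Constructed deny list, one entry per partial form (not real offenders).
DENY = [partial_to_cidr(p) for p in ("203", "198.51", "192.0.2")]
PHP_URI = re.compile(r"\.php")  # same unanchored pattern as the SetEnvIf line
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3}')

def verdict(line):
    """Say what the two rules would do with one access-log line."""
    m = LOG_LINE.match(line)
    if not m:
        return "unparsed"
    host, target = m.groups()
    if PHP_URI.search(target.split("?", 1)[0]):  # Request_URI has no query string
        return "403 uri"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unparsed"  # hostname logged instead of an address
    hit = next((net for net in DENY if addr in net), None)
    return f"403 ip {hit}" if hit else "pass"

# Constructed log lines in Apache common log format.
SAMPLE_LOG = [
    '203.0.113.9 - - [09/Jun/2019:02:10:00 +0000] "GET /wp-login.php HTTP/1.1" 404 209',
    '198.51.100.7 - - [09/Jun/2019:02:10:05 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [09/Jun/2019:02:10:09 +0000] "GET /gallery/ HTTP/1.1" 200 3100',
    '198.18.0.1 - - [09/Jun/2019:02:10:12 +0000] "GET /about.html?ref=x.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for net in DENY:
        print(f"{net} blocks {net.num_addresses:,} addresses")
    for line in SAMPLE_LOG:
        print(verdict(line), "<-", line)
```

The address counts printed first show the trade-off between the three forms: a single-octet entry covers over 16 million addresses, so the shorter the prefix, the more unrelated visitors fall inside the block.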
2:11 am on June 9, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10563
votes: 1122


Note: my other sites, commercial (of which there are only three) have not had this problem, or a change in original hosts.
2:21 am on June 9, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11869
votes: 244


the Apache forum is appropriate for questions about implementing specific blocking techniques on an apache server.

threads discussing blocking techniques in general would be better posted in the Search Engine Spider and User Agent Identification [webmasterworld.com]
2:47 am on June 9, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4558
votes: 363


There is a thread in that Search Engine Spider and User Agent Identification forum that lists various blocking methods and techniques along with links to related information and discussions: [webmasterworld.com...] to help with terminology and pointers.

That is where you can poke around and usually figure things out - or ask questions if you hit a wall. It is not as simple as a country list though there are cases of such handy finds. There isn't a copy/paste list and one size does not fit all. It is an ongoing task to keep up with as it is ever changing. After some startup efforts, it can usually be maintained in much less time than the initial investment.
3:39 am on June 9, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10563
votes: 1122


Cool ... do I repost the above, or do the mods move it?
3:40 am on June 9, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10563
votes: 1122


Reason why I ask, all questions are in htaccess. :)
4:16 am on June 9, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4558
votes: 363


Your questions would probably not be the same once you have looked at the methods and techniques found in that forum. I think that the idea was that you might have a different set of questions? Blocking strategy is not unique to Apache servers, hence the separate forum for those discussions.
11:48 am on June 9, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2006
posts: 3153
votes: 7


Have a mess of malformed inbound requests playing havoc in my logs.


Presumably these "malformed requests" are currently returning a 404 response (or some other non-200 status)?
8:39 pm on June 9, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10563
votes: 1122


Yes, @penders.

Meanwhile, some PMs have provided info ... and THANKS!

Mods may close this thread since anything further would be outside of "apache"