How to effectively block a log spammer?

Forum Moderators: DixonJones

Message Too Old, No Replies

How to effectively block a log spammer?

I tried blocking the IP but he's back

Harry

1:10 am on Jun 4, 2006 (gmt 0)

Is there a way to effectively block a log spammer through .htaccess? Seems like the log spammer changes IP frequently. I don't see the benefits. If he notced that the logs were blocked, the stats are protected, why keeping the annoyance?

UserFriendly

1:05 pm on Jun 6, 2006 (gmt 0)

They are probably using anonymous proxies or zombie nets to change their IP address each time they make a request to a site. I don't think there's any way of stopping them from requesting the files.

What you can do is limit the bandwidth wasted each time. Create a custom block for the log files (using a FilesMatch block) and in that block specify a new 403 ErrorDocument that simply returns the string "forbidden". That ought to take up about 22 bytes each time, rather than the several hundred bytes that a nice, user-friendly custom 403 page would use up each time.

Harry

11:59 pm on Jun 7, 2006 (gmt 0)

Thanks. Not east, but I'll try.

larryn

2:49 pm on Jun 13, 2006 (gmt 0)

Harry,

We've had more success with blocking log spam during the analysis of the log files - they are very slippery and you'll spend all your time keeping the list up to date.

Good Luck,

Larry

carguy84

8:22 pm on Jun 13, 2006 (gmt 0)

go black hat and created a log interceptor which monitors and reports on abnormal behavior. If it detects spam ddos the IP address, I mean um, nvm.

oxbaker

7:18 pm on Jun 15, 2006 (gmt 0)

did you examine the useragents? Are they being spoofed too? its a lot easier to maintain a "bad agent" list than a "Bad ip" list.

hth,
mcm

and ddos em all... i mean, send a strongly worded email.

mcm