Welcome to WebmasterWorld Guest from 107.20.104.110

Forum Moderators: bakedjake

Message Too Old, No Replies

how to stop fake http requests with spoofed IPs?

     
5:25 pm on Mar 22, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:Aug 4, 2004
posts:84
votes: 0


Hi,

my box has been hitting constantly by fake http requests. I tracked it down, and it comes from one referrer, however it has different IPs.

I want to stop him doing that, but not sure why cuz I don't think iptables is the tool I wanna use in that situation. (IPs are spoofed, and I can reject legitimate ones).

any idea how to handle that?

thanks.

7:14 am on Mar 25, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 23, 2003
posts:915
votes: 0


it comes from one referrer, however it has different IPs.

What makes you think the ip addresses are spoofed? They might be many different (real) machines that are being referred to your site by one page.

What kind of site is the referrer? Is there a link to your site on this page?

Is your site actually suffering from this - server load too high, response times poor, system crashing?

12:25 pm on Mar 29, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:Aug 4, 2004
posts:84
votes: 0


Hi,

thanks for the answer, Webdoctor.

well, I run a service where people put my links on their websites. And some of my affiliates (actually just 2 guys) send tons of http requests to me (hundreds a minute). I couldn't spot my link anywhere on their site. AND there's no referer (php's $_SERVER[HTTP_REFERER] is empty).
that is why it makes me think these guys hit my box with fake requests.

How can I track it down. One suggested torrents might be used to do so. What can I do to find out if these are legitimate visitors, or not?

any ideas?

thanks.

4:05 pm on Apr 14, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:Aug 4, 2004
posts:84
votes: 0


Hi,

here's the referer the guy is using:

<url removed>

if you go to <the site> - you will get redirected to adult sites.

the guy is killing my box with tons of requests a minute - these are not legitimate users.
anyone can help?

thanks.

[edited by: encyclo at 5:25 pm (utc) on April 14, 2007]
[edit reason] removed links to adult/virus-infected site [/edit]

6:41 pm on Apr 14, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 27, 2001
posts:1472
votes: 0


SetEnvIfNoCase Referer ^http://example\.com block

<Files ~ "^.*$">
order allow,deny
allow from all
deny from env=block
</Files>