Welcome to WebmasterWorld Guest from 54.205.96.97

Forum Moderators: bakedjake

how to stop fake http requests with spoofed IPs?

   
5:25 pm on Mar 22, 2007 (gmt 0)

10+ Year Member



Hi,

my box has been hitting constantly by fake http requests. I tracked it down, and it comes from one referrer, however it has different IPs.

I want to stop him doing that, but not sure why cuz I don't think iptables is the tool I wanna use in that situation. (IPs are spoofed, and I can reject legitimate ones).

any idea how to handle that?

thanks.

7:14 am on Mar 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



it comes from one referrer, however it has different IPs.

What makes you think the ip addresses are spoofed? They might be many different (real) machines that are being referred to your site by one page.

What kind of site is the referrer? Is there a link to your site on this page?

Is your site actually suffering from this - server load too high, response times poor, system crashing?

12:25 pm on Mar 29, 2007 (gmt 0)

10+ Year Member



Hi,

thanks for the answer, Webdoctor.

well, I run a service where people put my links on their websites. And some of my affiliates (actually just 2 guys) send tons of http requests to me (hundreds a minute). I couldn't spot my link anywhere on their site. AND there's no referer (php's $_SERVER[HTTP_REFERER] is empty).
that is why it makes me think these guys hit my box with fake requests.

How can I track it down. One suggested torrents might be used to do so. What can I do to find out if these are legitimate visitors, or not?

any ideas?

thanks.

4:05 pm on Apr 14, 2007 (gmt 0)

10+ Year Member



Hi,

here's the referer the guy is using:

<url removed>

if you go to <the site> - you will get redirected to adult sites.

the guy is killing my box with tons of requests a minute - these are not legitimate users.
anyone can help?

thanks.

[edited by: encyclo at 5:25 pm (utc) on April 14, 2007]
[edit reason] removed links to adult/virus-infected site [/edit]

6:41 pm on Apr 14, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



SetEnvIfNoCase Referer ^http://example\.com block

<Files ~ "^.*$">
order allow,deny
allow from all
deny from env=block
</Files>

 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month