Forum Moderators: phranque

Blocking a region of the world from my website

         

jake66

11:26 pm on Feb 12, 2008 (gmt 0)

10+ Year Member



Is it possible to block an entire region from accessing my server?

In htaccess I have:
deny from .ca (for example)

But there's a certain part of the world whose citizens are consistently trying to get into my site, and probably the entire server. I'd like to block them from getting any sort of byte of data from me if possible. I am aware that IP banning will block innocent people too, but these guys are such a pain in the butt it would be worth it.

I'd prefer denying them access to the server somehow too, if possible.
I am on a VPS with Apache 1.3.

MrsMagoo

12:57 am on Feb 15, 2008 (gmt 0)

10+ Year Member



Great question. I've been having a robot from China join my site as a user every single day. It's ridiculous. Looking forward to some guidance, as well.

patzblue

9:50 pm on Feb 15, 2008 (gmt 0)

10+ Year Member



I managed to block the whole Asia segment! A few million IPs blocked. ehehe.

You can find the subnet masks there:
[apnic.net...]

Before I implemented these changes in my IPSec, I frequently had 4 or 5 meg daily log files for IIS & FTP, due to Asian script kiddies who were attacking my site.

Now the average log file is 5kb and it's only "normal" users instead of dumb dictionary attacks all the time. wooohooh.

I'm still impressed at the amount of kiddies attacking my website with ... PHP or Apache related directories/flaws as ... I run IIS. lol.

Anyway, block all the subnets listed on the link above and that'll save you a lot of trouble. In my case I could do it as we don't have any customers in Asia!

jake66

8:56 am on Feb 17, 2008 (gmt 0)

10+ Year Member



Very cool! Is there something like this for the Middle East too? I did a search on the IANA website, but the best I got was ISO codes.

patzblue

5:32 pm on Feb 17, 2008 (gmt 0)

10+ Year Member



I tried to find it too but couldn't find it. Seems only the Asian APNIC lists it. Let me know if you find something.

jake66

8:26 am on Feb 18, 2008 (gmt 0)

10+ Year Member



Closest I found was this website: [ipaddresslocation.org...]

But it isn't entirely accurate. It doesn't have MY IP address range listed for my country and I'm on a huge ISP.

For now, I block them like this (in .htaccess):

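<Limit GET POST>
# With "order allow,deny" the deny lines are evaluated last and override "allow from all"
order allow,deny
allow from all
# Placeholder: put the specific address or range to block here
deny from ip address
# Hostname rules: matched against the client's reverse DNS name
deny from .af
deny from .am
deny from .bd
deny from .bj
deny from .cn
deny from .hk
deny from .id
deny from .in
</Limit>

(Cut a few countries off, as it's quite large.. it's easy to find these on the web)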

Which obviously is useless, if their ISP is a *.com
Or if they use a proxy.

I am currently looking at proxy filters, too.. but as with anything on the web - not fool-proof either. :) Haven't implemented any yet though, you?
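An added example (not written by any poster in this thread): hostname rules such as `deny from .cn` miss clients whose reverse DNS ends in .com, so address ranges are the more reliable key. The Python below turns records in the pipe-delimited delegation-statistics format that regional registries such as APNIC publish into `deny from` lines in CIDR form; the sample records and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the registry "delegated" statistics format:
# registry|cc|type|start|value|date|status  (for ipv4, value = number of addresses)
SAMPLE = """\
2|apnic|20080215|4|19830613|20080214|+1000
apnic|*|ipv4|*|3|summary
apnic|CN|ipv4|192.0.2.0|128|20080101|allocated
apnic|CN|ipv4|198.51.100.0|768|20080101|allocated
apnic|HK|ipv4|203.0.113.0|256|20080101|assigned
apnic|CN|ipv6|2001:db8::|32|20080101|allocated
apnic|JP|ipv4|192.0.2.128|64|20080101|allocated
"""


def cidrs_for(stats_text, countries):
    """Return collapsed IPv4 networks delegated to the given ISO country codes."""
    wanted = {c.upper() for c in countries}
    nets = []
    for line in stats_text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        # Skip the version header, summary lines and non-IPv4 records.
        if len(f) < 7 or f[2] != "ipv4" or f[1] not in wanted:
            continue
        if f[6] not in ("allocated", "assigned"):
            continue
        first = ipaddress.IPv4Address(f[3])
        last = first + int(f[4]) - 1
        # The count need not be a power of two, so one record can need several CIDRs.
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))


def deny_lines(networks):
    """Format networks as Apache 'deny from' directives in CIDR form."""
    return ["deny from %s" % n for n in networks]


if __name__ == "__main__":
    print("\n".join(deny_lines(cidrs_for(SAMPLE, ["CN", "HK"]))))
```

Registry country codes record where a block was delegated, not where the client sits, so proxies and multinational ISPs still get through, as the posts here note.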

patzblue

1:39 pm on Feb 19, 2008 (gmt 0)

10+ Year Member



Nope, I haven't. So far I was lucky as my most exposed server is a staging one mostly used by me and local people so I could be very restrictive in the IPs allowed, which makes a huge difference.

I'm still looking for software that could analyse my logs and update my IPSec security (I'm on IIS), but so far I haven't found anything.

And yeah, the annoying thing is that most hackers use proxies too, I think that's why I got so many hacking attempts from Czechoslovakia and Poland. eheh