APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Blocking Unwanted Visitors


© March 2009 Anthony Lawrence

Yesterday I happened to notice unusual web activity coming from a set of Hong Kong addresses. A half dozen ip addresses were walking my site, following every link.

I don't really get too upset by that sort of activity. I know that people around the world do that, sometimes to steal content but sometimes just so they can have a local cache. Sometimes it may be a previously unknown search engine collecting information. That's fine.. except..

Legitimate spidering programs should honor my robots.txt which asks them NOT to follow cgi links. This idiot program was using multiple ips and following all the "Comment" and "Printer Friendly" cgi links at a very rapid pace, slowing down the server for everyone else. I can't have that, so I added him to my "bad ip" list.

Most cgi scripts here have a section in them that looks like this:

$rip=$ENV{'REMOTE_ADDR'};
open(BADRIP,"$DATA/badrip");
while (<BADRIP>) {
 chomp;
 if ($rip =~ /^$_/) {
print <<EOF;
Content-type: text/html

<script language="javascript"><!--
location.replace("https://192.0.2.1")
//-->
</script>
EOF
   
exit 0;
 }
} 
close BADRIP;
 

The idea is to redirect him to something that won't resolve, thereby slowing him down. I could do the same thing with pages (and if he keeps on being annoying I will).

I don't leave the ip's in the "badrip" file for more than a few hours - these are almost always DHCP addresses that will recycle to someone else soon enough. Most of the time the "badrip" is empty; it's only when someone becomes really annoying that I use this.

We've talked about blocking by country before:
More ssh ideas
ARIN, APNIC, LAPNIC, RIPE

I don't want to arbitrarily block by country. Yes, an awful lot of "problem" access comes from Asian countries, but I don't see that as reason to lock out everyone from those ip blocks. There is a lot of Asian access because there are a lot of Asian people, and while some of the spidering may be for theft, it can also be for legitimate reasons (though legitimate spiders should be honoring my robots.txt). I'll just continue to handle it on a case by case basis.

You can also block IP's with .htaccess. Add this to your .htaccess file:

Order Allow,Deny

Deny from 211.13.67.89
Deny from 128.345.67.89

Allow from all
 

Those block specific IP's; block entire ranges by leaving off the specific octets:

Order Allow,Deny

Deny from 211.13

Allow from all
 

That blocks a lot of Japan.


Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> Blocking unwanted visitors


Inexpensive and informative Apple related e-books:

Are Your Bits Flipped?

Take Control of Numbers

Take Control of Automating Your Mac

iOS 10: A Take Control Crash Course

El Capitan: A Take Control Crash Course




More Articles by © Anthony Lawrence




Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





The use of COBOL cripples the mind; its teaching should, therefore, be regarded as a criminal offence. (Edsger W. Dijkstra)




Linux posts

Troubleshooting posts


This post tagged:

Blogging

Networking

Web/HTML



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode





SCO Unix Sales, Support, & Service

Phone:  707-SCO-UNIX (707-726-8649Toll Free: 833-SCO-UNIX (833-726-8649)
www.SCOsales.com