[NBLUG/talk] webserver abuse
bblick at sonic.net
Mon Jan 24 15:22:07 PST 2005
I use awstats to generate stats on my vanity website. Normally there is
about 200 to 250 megs a day of traffic, but last Wednesday I had triple
that, and it was all from one ip address, 220.127.116.11 which was going
through my site one link at a time, and then repeating over and over.
Whois on it leads me to some place in Iran. I grep my logs for similar
numbers, and I see some traffic from similar numbers, all whois the same
name as the technical contact. So I just decided to block all of Iran in
my .htaccess file:
deny from 80.191.
allow from all
But I think it's time to switch to all-PHP for everything, and do some
quotas. What with brain-dead robots last month spidering the same file
over and over, this is bumming me out.
Does anyone have any ideas how best to do this, or links?
More information about the talk