[NBLUG/talk] webserver abuse

Osiris Pedroso opedroso at swoptimizer.com
Tue Jan 25 12:15:00 PST 2005


Pretty cool!

Could you enlighten me how you figure out the 80.191 to be Iran?

Thanks,

Osiris Pedroso
--
Optimizer Consulting
369B Third St #369
San Rafael, CA 94901-3581
Ph: (707) 658-3500
AOL AIM: osirisPedroso
http://www.SWoptimizer.com

-----Original Message-----
From: Bob Blick [mailto:bblick at sonic.net] 
Sent: Monday, January 24, 2005 9:22 PM
To: General NBLUG chatter about anything Linux, answers to questions,etc.
Subject: [NBLUG/talk] webserver abuse

I use awstats to generate stats on my vanity website. Normally there is
about 200 to 250 megs a day of traffic, but last Wednesday I had triple
that, and it was all from one ip address, 80.191.167.5 which was going
through my site one link at a time, and then repeating over and over.
Whois on it leads me to some place in Iran. I grep my logs for similar
numbers, and I see some traffic from similar numbers, all whois the same
name as the technical contact. So I just decided to block all of Iran in
my .htaccess file:

order allow,deny
deny from 80.191.
allow from all

But I think it's time to switch to all-PHP for everything, and do some
quotas.  What with brain-dead robots last month spidering the same file
over and over, this is bumming me out.

Does anyone have any ideas how best to do this, or links?

Thanks,

Bob











More information about the talk mailing list