I am getting lot of random requests to my server ... 117.82.194.3 - - [08/Dec/2008:20:51:32 -0800] "GET http://www.pilotoutlook.com/javascripts/effects.js HTTP/1.0" 200 23796 "http://media.adrevolver.com/adrevolver/banner?place=31445&cpy=7719930" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1)" I am currently manually adding ips to iptables and blocking the access. I want to automate and block such IPs automatically. One way of doing this may be to just redirect all these crappy urls in apache to /dev/null How do I do that? Please help.
Do a google search for DOS-Deflate. Its an automated script that adds IPs to a deny list after it has tried to open too many connections. You can also configure how long the IP is blocked. Its very simple and very configurable. Just two tips, if you are running a website with a lot of images, set the connection limit to something like 150. If you set the script to low, it will be blocking regular visitors. And be sure to add your IP address to the ignore list. I have mine set to 150 connections and the IP is blocked for 5 minutes. 150 is not a lot if you have a lot of images on the page, such as a forum.
That was pretty easy. I just ran the script and went through the config. How do I make sure that it is being called for sure + how do I make sure that google bot is not getting blocked. Thanks a lot for your help in advance.
There have been three scripts recommended in this thread, which one are you talking about? If you are asking about DOS-Deflate - check the IP Deny file for a list of banned addresses. But, how long did you set the ban time limit config to? So if an IP is listed right now, it will be unbanned in X number of minutes. If you are not asking about DOS-Deflate - never mind.
How do I verify that it is working? I am getting an email saying IP XYZ is blocked. But, when I look at my access_log for apache, it still seems to be sending traffic. How to make sure that it is doing what it is supposed to?