Quote:1. blocked the ENTIRE netcathost C class ip range via iptables
This is probably a good thing but proxies are so easy to find these days.. nevertheless could stop those that are just automating attacks
Quote:2. implemented znx's .htaccess script in the root of the webserver
note: in the code below znx asked me to remove the line that had HEAD in it, I still don't know why, perhaps he will explain here !
Indeed the matching of the ua should be enough, therefore there is no need to remove HEAD. The removal of HEAD wouldn't restrict normal browsers of your site in any way but certain utilities use HEAD to confirm pages exist and even some browsers to assist with preloading a site, hence unless we have to I think we should try to keep HEAD active.
Also maybe I should have pointed out this is the htaccess:
Code:
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} "^(" [NC]
RewriteRule ^(.*) - [F,E=BAD:1,L]
This is the modification to logging (inside the httpd.conf you will already have a CustomLog line):
Code:
CustomLog /var/log/apache/access.log combined env=!BAD
CustomLog /var/log/apache/access_bad.log combined env=BAD
Unfortunately I'm not much convinced about the matching of ua, the little test we did.. it didn't seem to 403 me..as it should do :( We will need to experiment a wee bit more.
Quote:3. added user/pass for the stats usage page (for now) if you want access to it contact me or znx
This of course is the killer, no longer can your stats be googlefied and as such it is pointless for the spammers to spam referers anymore. Doesn't mean we don't want to purge the spammers though.
Quote:Still waiting to accomplish the following:-
use grep and other tools to filter out all references to the spammed URLS from my Apache access_log, referrer_log etc.
Shouldn't be too hard... taking the small snip from above we can clear the logs with relative ease, strip the HEAD entries and that's it... of course we should confirm that no others are getting purged so.
Test the removal with:
Code:
grep -E "^195\.225\.177\..*HEAD" access_log > wouldberemoved
If all the entries in that new file are duds... then proceed with:
Code:
grep -Ev "^195\.225\.177\..*HEAD" access_log > new_access_log
As long as the referers are all of a similar style.. we should be fine.
:) we shall prevail .. no?
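An added example, not part of the original post: the same dry-run purge done on parsed log fields, so an entry is removed only when the client address starts with the blocked prefix and the request method itself is HEAD. The function names and the sample log lines are constructed for illustration, and it assumes Apache's combined format with no spaces in the user field.

```shell
#!/bin/sh
# Added example: dry-run split of an Apache "combined" log into keep/purge
# files by parsed fields rather than a whole-line regex.
# Assumption: whitespace field 1 is the client IP, field 6 is "METHOD.

# purge_split PREFIX METHOD LOGFILE KEEP_OUT PURGE_OUT
purge_split() {
    awk -v prefix="$1" -v method="$2" -v keep="$4" -v purge="$5" '
        BEGIN { printf "" > keep; printf "" > purge }   # create both outputs
        {
            # index()==1 is a literal prefix test, so dots are not wildcards
            if (index($1, prefix) == 1 && $6 == ("\"" method))
                print > purge
            else
                print > keep
        }
    ' "$3"
}

# Whole-line pattern that accepts HEAD anywhere after the address prefix,
# kept here only to compare match counts.
loose_count() { grep -Ec '^195\.225\.177\..*HEAD' "$1"; }

count_lines() { wc -l < "$1" | tr -d ' '; }

# Constructed sample entries (not real traffic).
make_sample_log() {
cat > "$1" <<'EOF'
195.225.177.10 - - [01/Jan/2006:10:00:00 +0000] "HEAD / HTTP/1.1" 200 0 "http://spam.example/" "-"
195.225.177.200 - - [01/Jan/2006:10:00:05 +0000] "HEAD /index.html HTTP/1.1" 200 0 "http://spam.example/" "-"
195.225.177.10 - - [01/Jan/2006:10:01:00 +0000] "GET /HEAD-notes.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.5 - - [01/Jan/2006:10:02:00 +0000] "HEAD / HTTP/1.1" 200 0 "-" "link-checker"
EOF
}

tmp=$(mktemp -d)
make_sample_log "$tmp/access_log"
purge_split "195.225.177." HEAD "$tmp/access_log" "$tmp/new_access_log" "$tmp/wouldberemoved"
echo "whole-line grep would remove: $(loose_count "$tmp/access_log")"
echo "field match would remove:     $(count_lines "$tmp/wouldberemoved")"
echo "entries kept:                 $(count_lines "$tmp/new_access_log")"
rm -rf "$tmp"
```

The GET request for a path containing "HEAD" is the entry the whole-line pattern would purge by mistake; the field match keeps it.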