How to report Internet Abuse
Bob Elzer
bob.elzer at gmail.com
Mon Jul 26 14:55:50 MST 2010
If you block it with apache, the offending machine can still see you
computer is available through other means.
(I.E. you may run an smtp server, or ftp, or ssh, etc)
If you block it with your firewall software (iptables), the offending
machine will not get any response from your server, effectively making it
think your server has gone away.
_____
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Shawn
Badger
Sent: Monday, July 26, 2010 2:42 PM
To: Main PLUG discussion list
Subject: Re: How to report Internet Abuse
What about adding the ip into the /etc/hosts.deny fie?
I don't know if Apache uses TCP wrappers, but if it does then this would be
an easy solution.
I think the best solution is to use iptables though, because you should
really already be running it on anything that is public facing.
Just my thoughts though.
On Mon, Jul 26, 2010 at 12:21 PM, Jason Holtzapple <ml at bitflip.net> wrote:
On 07/26/2010 12:10 PM, Mark Phillips wrote:
> I have a server running a school newspaper site. I keep getting hit from
> a server in Belgrade with a bad request, which creates an error and
> causes my database to grow by 1MB/hit. I am trying to track down the bug
> in the database, so my question is really about getting the guy to stop
> hitting my server with this request.
>
> The IP for the request is 212.95.54.48, and I think it is a spider as I
> get other requests from this IP for my site map, contacts page, etc. I
> looked up the IP and I got this from Whois:
> ...
>
> What is the best way to handle this? Send an email to abuse at inferno.name
> <mailto:abuse at inferno.name>, or am I just inviting more abuse? Is there
> a way for apache to block these addresses before it hits my site (apache
> is in front of a plone/zope combination)? I have a robots.txt file at
> the root of my site...
You can block this at your gateway router, your server's firewall
(iptables), or in apache's configuration file. See the Allow and Deny
directives: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
Personally, I've never had much luck with abuse addresses except with
large reputable companies.
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20100726/5bf84ded/attachment.html>
More information about the PLUG-discuss
mailing list