From: Howard MITCHell Feldman
Organization: Mind's Eye Research, Inc
Date: Tue, 08 May 2007 09:00:04 -0700
To: Olaf Greve
Cc: freebsd-questions@freebsd.org, freebsd-amd64@freebsd.org, Koos van den Hout
Subject: Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite? [semi-solved]

Here's what I do with spammers and others I want to keep out of my server...

I make an IP entry into my /etc/hosts.deny file of those I want to deny access to my server. Then I make an entry in my /etc/hosts.allow file that denies access to all in my hosts.deny file. That entry is the first non-commented entry in the hosts.allow file and looks like:

    ALL: /etc/hosts.deny: deny

...howard

Olaf Greve wrote:
> Hiya all,
>
> Well, I promised you guys a follow-up on this, and here's what I have
> found out (first the situation and solution, and then two small
> questions)....
>
> The situation:
> Firstly, I took some measures to figure out where the issues came
> from, and using Apache's "server-status" handler (tnx for that
> recommendation!), I noticed the script that caused Apache to choke up
> (i.e. grab an excessive amount of resources), was a PHP script that
> shows entries of photographic events that I organise from time to
> time. This didn't happen for all entries, but only for specific ones.
> I then wondered why, as this script never caused trouble before, and
> while checking the server status I did already notice that the "store
> comments" script (allowing visitor's feedback to the entries) was
> called very often. Too often. I checked out the sizes of the comments
> files (which normally are very small plain text files, of perhaps some
> 4Kb size at most), and lo and behold: some of them were as big as
> 18Mb! The main issue then becoming that when these files were parsed as
> text by PHP when an entry is shown, this either took a long time to
> complete, or in the worst case caused even a core dump to be generated
> by the over-excessive load on the server's resources.
> Next, when checking the contents of those files, it became apparent
> that they were completely hammered with all sorts of typical
> commercial spam, referring to vi*gr* websites, etc. I think this is
> known as "forum spam" (or so), but my site uses custom scripts, so
> someone must have found the URL, and made use of it by manually
> figuring out the parameters and its functionality.
>
> The (partial) "solution":
> For now, I have configured the webserver so, that ANY call to this
> "store comments" script is forbidden, and will simply generate a
> standard server error (hopefully the spammers will signal these server
> errors, and will stop the hack attempt), while I am looking into a
> better solution (e.g. by having to type additional text (anti-spam
> challenges) when posting a comment). But then, as mentioned above,
> someone went through the trouble of figuring out how to manipulate my
> code, and hence caused me a LOT of time being wasted, so I want to
> "reward" them for their trouble, by punishing the responsible people
> as much as possible. Therefore, I will go through the Apache access
> log to work out the IP addresses of
> the machines that were used for this, and I will report them to the
> proper anti spam authorities, such that they will be blacklisted
> Internet wide. If anyone knows of good places to do so (the more, the
> merrier), I welcome hearing about them...
>
> The questions:
> -Can anyone recommend me proper anti spam authorities to whom I can
> report the IP addresses that caused the issues on my machine?
> -At present, in Apache I have added:
>
> Order deny,allow
> Deny from all
>
> Can anyone tell me of a good way to only ever allow calls to this
> script coming from the proper previous script, or should this be
> handled from PHP itself?
> Perhaps this question isn't very clear, but what I'm looking for is a
> way to block any and all direct calls to this script, that originate
> from anywhere but from the photography site itself.
>
> Can anyone help me perhaps with those two thingies?
>
> Tnx once more, and cheers!
> Olafo
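
Added example (not part of the original thread, and not code from either poster): a short Python script for the step Olaf describes, going through the Apache access log to find the client addresses that POSTed to the comment script, returned one per line so they can go into a deny list like the one Howard keeps. The script path /store_comments.php, the threshold of 3 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed path of the abused "store comments" script (hypothetical name).
COMMENT_SCRIPT = "/store_comments.php"

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} \S+'
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [07/May/2007:03:10:01 +0200] "POST /store_comments.php HTTP/1.1" 200 512
203.0.113.7 - - [07/May/2007:03:10:02 +0200] "POST /store_comments.php?id=12 HTTP/1.1" 200 512
203.0.113.7 - - [07/May/2007:03:10:03 +0200] "POST /store_comments.php HTTP/1.1" 200 512
203.0.113.7 - - [08/May/2007:09:00:00 +0200] "POST /store_comments.php HTTP/1.1" 403 210
198.51.100.23 - - [07/May/2007:04:00:00 +0200] "POST /store_comments.php HTTP/1.0" 200 498
198.51.100.23 - - [07/May/2007:04:00:05 +0200] "POST /store_comments.php HTTP/1.0" 200 498
198.51.100.23 - - [07/May/2007:04:00:09 +0200] "POST /store_comments.php HTTP/1.0" 200 498
192.0.2.10 - - [07/May/2007:12:30:00 +0200] "GET /show_entry.php?id=12 HTTP/1.1" 200 8041
192.0.2.10 - - [07/May/2007:12:31:40 +0200] "POST /store_comments.php HTTP/1.1" 200 530
192.0.2.44 - - [07/May/2007:13:00:00 +0200] "GET /store_comments.php HTTP/1.1" 200 120
truncated or corrupt line
"""

def count_comment_posts(lines, script=COMMENT_SCRIPT):
    """Count POSTs to the comment script per client IP; skip unparsable lines."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        # Compare the path without its query string.
        if m.group("path").split("?", 1)[0] == script:
            hits[m.group("ip")] += 1
    return hits

def deny_candidates(hits, threshold=3):
    """IPs with at least `threshold` POSTs, busiest first."""
    return [ip for ip, n in hits.most_common() if n >= threshold]

if __name__ == "__main__":
    hits = count_comment_posts(SAMPLE_LOG.splitlines())
    for ip in deny_candidates(hits):
        print(ip)  # one address per line, ready to review before denying
```

TCP wrappers only act on services that use libwrap; stock Apache httpd does not read hosts.allow, so for the web server the same addresses would go into Deny from lines instead.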