Prevent neamonis bot

For a week I have been getting astonishing spam. Someone (a bot) was constantly logging in to his account and roaming the site. I didn't care, since the bot can't pass CAPTCHA validation. But that created constant load on my server. It was one or two attacks at the beginning, then it started to be frequent. Now I could see 3~1 min pauses between fetches. It was time to take action.

I can't ban a single IP, since the attack was coming from many IPs. I grepped the most frequent attacker IPs. One is Oto. He told me:

Hi, it seems I have a bug in proxy configuration, so our mod_proxy on Apache works as public proxy :-(

I found that the bot grabs a lot of content to fill up my logs and hide its malicious activity, like commenting.
I've changed .htaccess so that, if there is no referrer, the attacker has to download a 7 MB file (buyukdosya)!

RewriteCond %{HTTP_REFERER} ^$
RewriteRule ^comment/reply/ buyukdosya [L]

Then the second rule set bans IE, but only version 6, the setup of an XP installation. Anyway, there are a minority that


# "." stands in for each space of the User-Agent, including the one before "(compatible"
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4\.0.\(compatible;.MSIE.6\.0;.Windows.NT.5\.1;.SV1\)
RewriteRule ^.* - [F,L]

After that adjustment I saw:

85.31.179.178 - - [28/May/2010:16:12:49 -0700] "GET /user HTTP/1.1" 403 524 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
219.103.145.218 - - [28/May/2010:16:12:50 -0700] "GET /user HTTP/1.1" 403 524 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
208.27.113.137 - - [28/May/2010:16:12:50 -0700] "GET /user HTTP/1.1" 403 524 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

ehe ehe.
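Per-IP counting misses this bot because each proxy address sends only a request or two, while the User-Agent, the empty referrer and the path never change. The following is an added example, not code from the original post: it groups combined-format log lines by that shared signature and reports the ones spread thinly over many addresses. The function names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def hits_per_ip(lines):
    """Classic per-IP ranking; a proxy-rotating bot barely registers here."""
    return Counter(r["ip"] for r in map(parse, lines) if r)

def shared_signatures(lines, min_ips=3, max_hits_per_ip=2.0):
    """Group by (agent, referer missing, path); report groups spread thinly
    over many addresses, i.e. one client hiding behind many IPs."""
    groups = defaultdict(lambda: {"hits": 0, "ips": set()})
    for rec in filter(None, map(parse, lines)):  # malformed lines are skipped
        key = (rec["agent"], rec["referer"] in ("", "-"), rec["path"])
        groups[key]["hits"] += 1
        groups[key]["ips"].add(rec["ip"])
    found = []
    for (agent, no_ref, path), g in groups.items():
        n = len(g["ips"])
        if n >= min_ips and g["hits"] / n <= max_hits_per_ip:
            found.append({"agent": agent, "no_referer": no_ref, "path": path,
                          "hits": g["hits"], "distinct_ips": n})
    return sorted(found, key=lambda f: f["distinct_ips"], reverse=True)

# Constructed sample (documentation-range addresses), shaped like the log above.
BOT = '"GET /user HTTP/1.1" 403 524 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"'
USER = '200 8120 "http://example.org/" "Mozilla/5.0 (X11; Linux) Firefox/3.6"'
SAMPLE = [f'{ip} - - [28/May/2010:16:12:49 -0700] {BOT}'
          for ip in ("192.0.2.10", "198.51.100.20", "203.0.113.30", "192.0.2.40", "192.0.2.10")]
SAMPLE += [f'198.51.100.7 - - [28/May/2010:16:13:00 -0700] "GET /node/{n} HTTP/1.1" {USER}'
           for n in (1, 2, 3)]
SAMPLE.append("truncated line without the expected fields")

if __name__ == "__main__":
    print(hits_per_ip(SAMPLE).most_common(3))
    for f in shared_signatures(SAMPLE):
        print(f)
```

In the sample the busiest single address is the ordinary visitor, so a per-IP ban list would point at the wrong client; the signature grouping isolates the MSIE 6 requests instead.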

My system was affected by such a basic attack because it is based on a giant consumer of memory and CPU. If I could manage to install nerkl, that DoS attack would be just some lines on my list.

PS: After these lines the electricity went off!!!

Comments

tail -n 90 logs/nerkn.mornehir.com/http/access.log.0 | grep 403

