Prevent neamonis bot

For a week I have been getting an astonishing amount of spam. Someone (a bot) was constantly logging in to its account and roaming the site. I didn't care, since the bot can't pass CAPTCHA validation. But it created constant load on my server. At the beginning it was one or two attacks, then they became frequent. Now I could see pauses of 3~1 min between fetches. It was time to take action.

I couldn't pin it to one IP, since the attack came across many IPs. I grepped the most frequent attacker IPs. One is Oto. He told me:

Hi, it seems I have a bug in proxy configuration, so our mod_proxy on Apache works as public proxy :-(

I found that the bot grabs a lot of content to fill up my logs and hide its malicious activity, such as commenting.
I changed .htaccess so that a request to comment/reply/ with no referrer is forwarded: the attacker should download a 7 MB file (buyukdosya)!

RewriteCond %{HTTP_REFERER} ^$
RewriteRule ^comment/reply/ buyukdosya [L]

Then a second rule set bans IE, but only version 6, the one that comes with an XP installation. Anyway, there is a minority that


# Deny (403) the bot's exact User-Agent; each "." stands in for a space in the header.
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4\.0.\(compatible;.MSIE.6\.0;.Windows.NT.5\.1;.SV1\)
RewriteRule ^.* - [F,L]

After that adjustment I saw:

85.31.179.178 - - [28/May/2010:16:12:49 -0700] "GET /user HTTP/1.1" 403 524 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
219.103.145.218 - - [28/May/2010:16:12:50 -0700] "GET /user HTTP/1.1" 403 524 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
208.27.113.137 - - [28/May/2010:16:12:50 -0700] "GET /user HTTP/1.1" 403 524 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

ehe ehe.
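
The pattern visible in these log lines (one User-Agent, no referrer, the same path, a different IP on almost every request) can be pulled out of an access log automatically. The following is an added example, not part of the original post; the function names, the threshold and the sample log lines (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

BOT_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"  # UA from the post

# Constructed sample log (not real traffic); IPs are from documentation ranges.
SAMPLE_LOG = f'''\
192.0.2.10 - - [28/May/2010:16:12:49 -0700] "GET /user HTTP/1.1" 403 524 "-" "{BOT_UA}"
198.51.100.7 - - [28/May/2010:16:12:50 -0700] "GET /user HTTP/1.1" 403 524 "-" "{BOT_UA}"
203.0.113.5 - - [28/May/2010:16:12:50 -0700] "GET /user HTTP/1.0" 403 524 "-" "{BOT_UA}"
203.0.113.5 - - [28/May/2010:16:14:02 -0700] "GET /user HTTP/1.1" 403 524 "-" "{BOT_UA}"
192.0.2.44 - - [28/May/2010:16:13:02 -0700] "GET /node/1 HTTP/1.1" 200 5120 "http://example.org/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6"
192.0.2.99 - - [28/May/2010:16:13:05 -0700] "GET /user HTTP/1.1" 200 900 "-" "ExampleCrawler/1.0"
this line is not in combined format
'''


def parse_line(line):
    """Return the named fields of one combined-format line, or None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def distributed_clients(lines, min_ips=3):
    """Find (agent, path) pairs requested without a referrer from >= min_ips distinct IPs."""
    ips_by_group = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["referer"] not in ("", "-"):
            continue  # skip malformed lines and requests that carry a referrer
        ips_by_group[(rec["agent"], rec["path"])].add(rec["ip"])
    hits = [(agent, path, sorted(ips))
            for (agent, path), ips in ips_by_group.items() if len(ips) >= min_ips]
    return sorted(hits, key=lambda hit: -len(hit[2]))  # widest spread first


if __name__ == "__main__":
    for agent, path, ips in distributed_clients(SAMPLE_LOG.splitlines()):
        print(f"{len(ips)} IPs -> {path}  [{agent}]")
```

Grouping on distinct IPs rather than request counts is what separates this traffic from a single busy crawler, which stays below the threshold however often it fetches.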

My system was affected by such a basic attack because it is based on a giant consumer of memory and CPU. If I could have managed to install nerkl, that DoS attack would have been just some lines in my list.

PS: After these lines the electricity went off!!!

Comments

tail -n 90 logs/nerkn.mornehir.com/http/access.log.0 | grep 403

