Does anyone know how to set up Apache to restrict access based on country code? These script kiddies are driving me nuts and most of them are coming from Russia, the Ukraine and so on.
Any help would be appreciated.
-
Re: Blocking by Country Code
Mon, February 28, 2005 - 1:39 AM
Something like this?
<Location />
    # Allow everyone, then deny clients whose reverse DNS name ends in .ru
    Order Allow,Deny
    Allow from all
    Deny from .ru
</Location>
-
Re: Blocking by Country Code
Mon, February 28, 2005 - 11:34 AM
What do you do if they are a .com, .net, .org or a host of other domain extensions that are used worldwide?
Need something that identifies where they are coming from and boots them before entry.
-
Re: Blocking by Country Code
Mon, February 28, 2005 - 5:35 PM
That would be blocking by geolocation, not country code. On the plus side, this can run much faster since you don't need to do DNS lookups. On the minus side, unless you subscribe to a service like Digital Envoy's NetAcuity ( www.digitalenvoy.net/ ) there is a lot of tweaking involved to stay on top of changes.
I use NetAcuity from a PHP module for live website checking and from Perl for log processing. I don't pay the bills, though, and I have no idea how much it is costing. Probably in the four figures a year range.
There are free tools, but I can't think of any names offhand. There are also published tables of which registry gives out which IPs, which can be used to find the offending netblocks for "Deny x.y" statements.
It is a nasty way to kill script kiddies though, since it also denies real visitors and doesn't stop kiddies who have compromised cable modem users in Idaho.
-
-
-
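Added example, not part of any poster's message: one way to turn the published registry tables mentioned above into Apache "Deny from" netblock lines. It assumes the pipe-separated "delegated" statistics layout the regional registries publish (registry|cc|type|start|value|date|status); the sample data is constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the registries' "delegated" statistics layout:
# registry|cc|type|start|value|date|status. The addresses are documentation
# ranges, not real allocations.
SAMPLE = """\
# constructed sample, not real registry data
2|ripencc|20050228|4|19830705|20050228|+0100
ripencc|*|ipv4|*|3|summary
ripencc|RU|ipv4|192.0.2.0|256|20050101|allocated
ripencc|RU|ipv4|203.0.113.0|192|20050102|assigned
ripencc|DE|ipv4|198.51.100.0|256|20050103|allocated
ripencc|RU|ipv6|2001:db8::|32|20050104|allocated
ripencc|RU|asn|64496|1|20050105|allocated
"""


def country_netblocks(text, countries):
    """Return sorted IPv4 networks delegated to the given country codes."""
    wanted = {c.upper() for c in countries}
    nets = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        # Skip comments and short (summary) lines; the version header
        # falls out at the record-type check below.
        if line.startswith("#") or len(fields) < 7:
            continue
        cc, rtype, start, value = fields[1:5]
        if rtype != "ipv4" or cc.upper() not in wanted:
            continue
        # For ipv4 records the value is an address count, not a prefix
        # length, and need not be a power of two, so one record can
        # expand to several CIDR blocks.
        first = ipaddress.IPv4Address(start)
        last = first + int(value) - 1
        nets.extend(ipaddress.summarize_address_range(first, last))
    return sorted(ipaddress.collapse_addresses(nets))


def apache_deny_lines(text, countries):
    """Render the netblocks as Apache "Deny from <CIDR>" lines."""
    return ["Deny from %s" % n for n in country_netblocks(text, countries)]


if __name__ == "__main__":
    print("\n".join(apache_deny_lines(SAMPLE, ["RU"])))
```

Because the match is on the client address, no reverse DNS lookup is needed per request, but the list is only as current as the registry file it was built from.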
Unsu...
Re: Blocking by Country Code
Mon, February 28, 2005 - 11:14 PM
Check out mod_security and mod_dosevasive. This won't get you blocking by country code, but both can help you block weenies on the fly.
-
Re: Blocking by Country Code
Tue, March 1, 2005 - 12:58 PM
I'm going to 2nd the mod_security suggestion. I had a server up for close to 2 years without a firewall (aside from kernel level anti-spoofing and synflood protection with iptables/netfilter) simply by turning services off and using mod_security. It played hell with SquirrelMail but some tweaking with httpd.conf (Apache 1.3) and I was good to go.
Now I don't think I ever got whacked but who can ever be sure :)
Good luck!
-
Unsu...
Re: Blocking by Country Code
Sat, September 17, 2005 - 5:22 PM
Cesspools like Ukraine and Russia don't deserve to be on the Internet, so I just block them entirely - not just from Apache.
Add this to your /etc/hosts.deny:
ALL: .ru
That keeps them out of everything.
-
Re: Blocking by Country Code
Mon, September 19, 2005 - 2:40 PM
If you're really concerned about hackers, you may want to think about restricting them at the firewall level.
Blocking them on the webserver level means that they already have some limited access to your network. Blocking from Apache will only protect Apache, and it's possible there are other vulnerabilities on that same machine, or on other machines which are on the same network.