Tag: iptables

More Stupid Trackback and Comment Spammers

Ok, started to notice a dramatic and sudden increase in traffic to my site yesterday. Turns out that all of these folks were headed to the same place at this host:

/index.php?disp=stats

So, when I checked this out, they were all indicating referrals from the usual illicit medication and adult sites.

<sigh> More trackback and comment spam.

Now, I know that this page exists in b2evolution, and it is a way for visitors to view my traffic stats. However, a link to this page does not exist in my main display page. The only link to my stats is to my StatCounter stats.

Enter mod_rewrite.

A simple rule disposes of these morons.

RewriteCond %{QUERY_STRING} disp=stats
RewriteRule ^.*$ http://www.pierzchala.com:9080/ [R,L,NS]

Please do not attempt to load the redirected URL; you will get nothing. NADA! That port is set to be dropped by iptables, effectively hanging the client end as it attempts to make a TCP connection.

/sbin/iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 9080 -j DROP

I use iptables to handle a lot of these morons. As the only people who view this page are infected with some virus or spyware, I feel no shame in tying up their systems.

Bots from hell, and a plea for a free-to-use public “DROP” Port

There is some idiot out there running a bot/attack protocol using a referring URL that always ends with ‘.eu.tt’.

Turns out that there was more than one IP involved. IPTABLES took care of them.

/sbin/iptables -A INPUT -s 200.123.9.119 -j DROP
/sbin/iptables -A INPUT -s 195.54.87.222 -j DROP
/sbin/iptables -A INPUT -s 194.47.95.115 -j DROP
/sbin/iptables -A INPUT -s 198.234.202.130 -j DROP
/sbin/iptables -A INPUT -s 198.234.202.131 -j DROP

Please use DROP. This stalls the buggers, as they get stuck in an endless trap of trying to open a TCP connection with your server.
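The block list above was put together by hand. As an added example (not code from the original post), this sketch scans Apache combined-format log lines for the two patterns described here, the `disp=stats` query string and a referrer host ending in `.eu.tt`, and returns DROP rules in the same form for review. The sample log, the `min_hits` threshold and the `allow` list are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format: client ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def referer_host(referer):
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:              # malformed referrer sent by a bot
        return ""

def is_spam(target, referer):
    # Same substring test as the RewriteCond, plus the '.eu.tt' referrer
    # (assumption: "ends with" is applied to the referrer's host name).
    query = target.partition("?")[2]
    return "disp=stats" in query or referer_host(referer).endswith(".eu.tt")

def drop_rules(log_lines, min_hits=2, allow=()):
    """Return iptables DROP rules for IPv4 clients with >= min_hits spam requests."""
    hits = Counter()
    for line in log_lines:
        m = COMBINED.match(line.strip())
        if not m or not is_spam(m["target"], m["referer"]):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])  # only a parsed address reaches the rule text
        except ValueError:
            continue                            # host name or junk in the client field
        if ip.version == 4 and str(ip) not in allow:  # iptables is IPv4-only
            hits[ip] += 1
    return [f"/sbin/iptables -A INPUT -s {ip} -j DROP"
            for ip in sorted(hits) if hits[ip] >= min_hits]

# Constructed sample log: documentation-range addresses and made-up referrers.
T = "[01/Jan/2005:00:00:00 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {T} "GET /index.php?disp=stats HTTP/1.1" 302 215 "http://pills.example/" "Mozilla/4.0"',
    f'203.0.113.7 - - {T} "GET /index.php?disp=stats HTTP/1.1" 302 215 "http://pills.example/a" "Mozilla/4.0"',
    f'198.51.100.20 - - {T} "GET /index.php HTTP/1.1" 200 5120 "http://foo.eu.tt" "Bot/1.0"',
    f'198.51.100.20 - - {T} "POST /index.php HTTP/1.1" 200 99 "http://bar.eu.tt/" "Bot/1.0"',
    f'192.0.2.44 - - {T} "GET /index.php?disp=stats HTTP/1.1" 302 215 "-" "Mozilla/5.0"',
    f'192.0.2.50 - - {T} "GET /index.php HTTP/1.1" 200 5120 "http://www.example.org/" "Mozilla/5.0"',
    f'host.example - - {T} "GET /index.php?disp=stats HTTP/1.1" 302 215 "-" "x"',
    f'host.example - - {T} "GET /index.php?disp=stats HTTP/1.1" 302 215 "-" "x"',
]

if __name__ == "__main__":
    print("\n".join(drop_rules(SAMPLE_LOG)))
```

The rules come back as text rather than being executed, so they can be checked against your own addresses before anything is loaded into the firewall.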

Does anyone know of a server that has an open DROP rule for Port 80? This would be a useful online tool for folks who can re-direct annoying traffic through server configs, but who can’t control the firewall or IPTABLES.

Simple set-up. Get a domain, register it. Get a DNS record to say that www.foobar.com is the machine’s IP Address. Then use IPTABLES to DROP all Port 80 inbound traffic. Publish the URL. Watch the fun!

What’s the fun? Well, you publish the address and explain that anyone can use targeted re-directions to send unwanted traffic to this place of lost TCP connections, and annoying bots get stuck.

It’s a simple IPTABLES rule. For my machine, it would be:

/sbin/iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 80 -j DROP

Which, in IPTABLES speak, means “Any [-s 0/0] inbound traffic on network interface eth0 [-i eth0], headed for TCP port 80 [--dport 80], should be quietly dropped [-j DROP]”.

Please do not try this on a production server! All of your HTTP traffic will disappear! However, you could re-write it slightly, and still preserve port 80 for standard HTTP, like statistics on the distinct IPs stuck in your flypaper.

Change ‘http://www.foobar.com/’ to ‘http://www.foobar.com:9080/’ and adjust the IPTABLES rule accordingly.

/sbin/iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 9080 -j DROP

Ok, my rant is done. Have fun, and use these tools wisely.

Copyright © 2024 Performance Zen
