I have a little photoblog that I am running from my web server at home. It's using pixelpost software, which is coded in PHP. There is a page photoblogindex.php?x=xref that shows the top referrals to my site.
There are scripts or worms or something that are continuously connecting to my site to move the sites they are advertising up to the top of the list.
I first tried getting rid of the xref page and thought that this would help, but when they try to connect to it, it just brings up a template page and not a 404 or anything, and the bots keep connecting, thinking that they are working. This is bogging down my oldtimer of a computer and my internet connection.
I am looking for some advice because I cannot figure out what to do. Should I do something with TCP wrappers? Special access rules? Something in the Apache config? The sites that they are promoting change names all of the time, so blocking certain referring sites is a constant battle.
I like that idea. How do I do that? It's a PHP page, so the request for the page is like this: example.com/index.php?x=ref
Could I make the PHP page grab the IP address and then write this to a .htaccess file? Or is there an easier way?
Originally posted by hypexr: I like that idea. How do I do that? It's a PHP page, so the request for the page is like this: example.com/index.php?x=ref
Could I make the PHP page grab the IP address and then write this to a .htaccess file? Or is there an easier way?
That is a good idea, however, it would still be nice if you provided some data.
To supplement that idea, you might as well log the IPs and put them into the IP ban list.
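The log-and-ban approach suggested above, as an added example that is not part of the original thread: it counts requests for the referrer page per client IP in an Apache access log and renders deny rules for repeat offenders. The log lines, the threshold and the function names are constructed for illustration, and the output assumes Apache 2.4 `Require` syntax.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Apache combined log format: host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} ')

# Constructed sample log lines (documentation-range IPs, made-up referrers).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2005:13:55:36 -0700] "GET /index.php?x=ref HTTP/1.1" 200 512 "http://spam-one.example/" "bot"
203.0.113.7 - - [10/Oct/2005:13:55:37 -0700] "GET /index.php?x=ref HTTP/1.1" 200 512 "http://spam-two.example/" "bot"
203.0.113.7 - - [10/Oct/2005:13:55:38 -0700] "GET /index.php?x=ref HTTP/1.1" 200 512 "http://spam-three.example/" "bot"
198.51.100.20 - - [10/Oct/2005:14:01:02 -0700] "GET /index.php?x=ref HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Oct/2005:14:02:00 -0700] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Oct/2005:14:02:05 -0700] "GET /index.php?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Oct/2005:14:02:09 -0700] "GET /index.php?page=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

def offenders(log_text, page_values=("ref", "xref"), threshold=3):
    """IPs that requested the referrer page (?x=ref or ?x=xref) >= threshold times."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(2)).query)
        if not set(query.get("x", [])) & set(page_values):
            continue  # ordinary page view, not the referrer list
        try:
            # Only a validated literal address is ever written into the config.
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # hostname (HostnameLookups On) or malformed field
    return sorted((ip for ip, n in hits.items() if n >= threshold),
                  key=lambda ip: (ip.version, int(ip)))

def htaccess_block(ips):
    """Render Apache 2.4 rules; Apache 2.2 used 'Deny from <ip>' lines instead."""
    rules = ["<RequireAll>", "    Require all granted"]
    rules += [f"    Require not ip {ip}" for ip in ips]
    return "\n".join(rules + ["</RequireAll>"]) + "\n"

if __name__ == "__main__":
    print(htaccess_block(offenders(SAMPLE_LOG)), end="")
```

The single visit from 198.51.100.20 stays under the threshold, so an ordinary visitor who opens the referrer page once is not banned.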
This would probably be considered a bit of a lame way to avoid them, but I have
major hits from Windoze script kiddies trying exploits on my server in China. I just
changed the port from 80 to another port, and since July there have been zero of
those attempts. This does require adding the port to the link, which isn't a problem
as mine is just photos posted for "the folks back home" to view. It did, however,
eliminate the kids who aren't smart enough to do anything more than scan port 80,
and/or use non-intelligent software designed for Windoze. Which freed me up
to spend time on the real bad guys ...
Yeah, changing the port is a good method for avoiding this kind of thing and I need to do it for ssh (these ssh bots are getting crazy also). I don't really want web visitors having to know about ports, though.
I read through all of those examples on your link cs-cam, they will be easy to modify for my situation. I can't wait to get the time to get that going. Thanks!!
You should definitely password protect any page that lists referrers. That's what the bad guys are after, and as long as that's public, you're going to keep getting hit with new ones even if you clear out the current ones. Do a Google for "referrer spam" to find out more, and about prevention tactics and fixes.
>>edit: the Wikipedia entry even has a sample blocking script: