Oh bother. I sent it direct instead of to the list. Sorry.
On 18/11/11 09:25, Ian Douglas wrote:
For about a month one of my websites (or rather the "Contact Us" form on that website) has been under regular, daily, attack from hackers. The attacks are consistently coming from IP Addresses in Rumania and Russia. Each time an attack occurs I use my webhost's cPanel to manually add the IP to my cPanel "IP Deny Manager" list. This is however becoming rather tedious and time-consuming and seems the wrong way round to do things as I am denying IP Addresses AFTER they have tried to hack in rather than blocking them BEFORE they attempt it.
Is there a way I can simply deny access to my website (or, better, just its home-made PHP based "Contact Us" form) to all Eastern European visitors?
Alternatively, since my website is primarily focused on UK customers, would there be an easier way to deny all visitors access unless they came from UK, USA, Canada, Eire or Australia?
I realise that this is not specifically a Linux question but any suggestions would be welcome.
I check $_SERVER["HTTP_REFERER"] at the top of the PHP in the contact form. If it's not set (i.e. blank) or it is not the URL of the page(a) with the "contact us" button on then I kick them back to page(a).
While not foolproof it deters most of the script kiddies.
Also you can pick up the .ru etc. from the referer and kick them out. If you are using apache2 with mod_rewrite enabled you have more but rather complicated options.
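
The Referer check described in the reply above, as an added PHP example that is not part of the original post; `FORM_PAGE_URL`, `BLOCKED_TLDS` and `referer_verdict()` are assumed names with placeholder values. The Referer header is supplied by the client, so this only filters unsophisticated scripts, as the reply says.

```php
<?php
// Added example. FORM_PAGE_URL and BLOCKED_TLDS are assumed placeholder values.
const FORM_PAGE_URL = 'https://www.example.co.uk/contact.html'; // "page (a)"
const BLOCKED_TLDS  = ['ru'];                                   // ".ru etc."

/**
 * Classify a Referer header value: 'ok', 'missing', 'blocked_tld' or 'mismatch'.
 * The URL is parsed and compared by host and path; a substring test would
 * accept any URL that merely contains the form page's address in its query.
 */
function referer_verdict(?string $referer): string
{
    if ($referer === null || trim($referer) === '') {
        return 'missing';                       // header not set or blank
    }
    $got  = parse_url(trim($referer));
    $want = parse_url(FORM_PAGE_URL);
    if ($got === false || empty($got['host'])) {
        return 'mismatch';                      // not an absolute URL
    }
    $host = rtrim(strtolower($got['host']), '.');
    $tld  = substr(strrchr('.' . $host, '.'), 1);
    if (in_array($tld, BLOCKED_TLDS, true)) {
        return 'blocked_tld';
    }
    $samePage = $host === strtolower($want['host'])
        && ($got['path'] ?? '/') === ($want['path'] ?? '/');
    return $samePage ? 'ok' : 'mismatch';
}

// Top of the contact form script: bounce anything that did not come from page (a).
$verdict = referer_verdict($_SERVER['HTTP_REFERER'] ?? null);
if ($verdict !== 'ok') {
    // Log the verdict only; the header itself is untrusted input.
    error_log('contact form: referer rejected (' . $verdict . ') from '
        . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    header('Location: ' . FORM_PAGE_URL, true, 303);
    exit;
}
// ... existing form handling continues here ...
```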