For about a month one of my websites (or rather the "Contact Us" form on that website) has been under regular, daily, attack from hackers. The attacks are consistently coming from IP Addresses in Rumania and Russia. Each time an attack occurs I use my webhost's cPanel to manually add the IP to my cPanel "IP Deny Manager" list. This is however becoming rather tedious and time consuming and seems the wrong way round to do things as I am denying IP Addresses AFTER they have tried to hack in rather than blocking them BEFORE they attempt it.
Is there a way I can simply deny access to my website (or, better, just its home-made PHP based "Contact Us" form) to all Eastern European visitors?
Alternatively, since my website is primarily focused on UK customers, would there be an easier way to deny all visitors access unless they came from UK, USA, Canada, Eire or Australia?
I realise that this is not specifically a Linux question but any suggestions would be welcome.
Ian.
Have a look at http://ipinfodb.com/ip_location_api.php - it will give you a country based upon an IP address. A little bit of scripting should allow you to only enable your "Contact Us" form to work for the countries you select. There's even a bit of PHP to get you started ...
Greg
There is a chargeable service that may help: http://www.ip2location.com/tutorials/redirect-web-visitors-by-country-using-... and-mysql-database
Stuart Bailey BSc (hons) CEng CITP MBCS LinuSoft (Managing Director) Linux Specialist & Software Developer ~~~~~~~~~~~~~~~~~~~~~~~ Phone: (0845) 658 3563 Direct: +44 (0) 1953 878162 Fax: +44 (0) 1603 858583 ~~~~~~~~~~~~~~~~~~~~~~~ http://www.linusoft.co.uk
Add a GeoIP lookup to the ContactUs page, and if it's not from where you want display a different output - e.g. "Sorry, you're not allowed to visit this site", or change the response to a redirect to a different contact page.
On 18/11/11 10:16, Brett Parker wrote:
> Add a GeoIP lookup to the ContactUs page, and if it's not from where you want display a different output - e.g. "Sorry, you're not allowed to visit this site", or change the response to a redirect to a different contact page.
I'd second Brett's suggestion. There are GeoIP libraries for PHP, and for Ubuntu at least all it takes is "sudo apt-get install php5-geoip" to get them installed. Then: geoip_country_code_by_name("<ip.addr.here>") .. will get you the country code.
Actually for your purposes, just a continent code lookup may suffice: http://www.php.net/manual/en/function.geoip-continent-code-by-name.php
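The lookup suggested above, wired into an allowlist for the form handler; this is an added example, not code from the thread. It assumes the PECL geoip extension (the php5-geoip package) with its country database; the helper names and the sample addresses are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes the PECL geoip extension
// installed by the php5-geoip package and its country database.

// UK, USA, Canada, Eire, Australia as ISO 3166-1 alpha-2 codes.
$ALLOWED = array('GB', 'US', 'CA', 'IE', 'AU');

// Returns the country code for $ip, or null when it cannot be determined.
function country_for_ip($ip)
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;                          // not an IP address at all
    }
    if (!function_exists('geoip_country_code_by_name')) {
        return null;                          // extension not installed
    }
    $code = @geoip_country_code_by_name($ip); // false when the address is not in the database
    return (is_string($code) && $code !== '') ? $code : null;
}

// $lookup is injectable so the decision can be exercised without a database.
function contact_form_allowed($ip, array $allowed, $lookup = 'country_for_ip')
{
    $code = call_user_func($lookup, $ip);
    // An unknown country is refused: only the form is gated, so a failed
    // lookup costs a visitor the form, not the whole site.
    return $code !== null && in_array($code, $allowed, true);
}

// Constructed sample data: documentation-range addresses with made-up countries.
$sample = array('192.0.2.10' => 'GB', '198.51.100.7' => 'RU', '203.0.113.5' => 'IE');
$fake_lookup = function ($ip) use ($sample) {
    return isset($sample[$ip]) ? $sample[$ip] : null;
};
foreach (array('192.0.2.10', '198.51.100.7', '203.0.113.5', '192.0.2.99', 'not-an-ip') as $ip) {
    $ok = contact_form_allowed($ip, $ALLOWED, $fake_lookup);
    printf("%-14s %s\n", $ip, $ok ? 'show form' : 'refuse');
}

// In the real handler use the socket address, not a client-supplied header
// such as X-Forwarded-For (unless your own proxy sets it):
// if (!contact_form_allowed($_SERVER['REMOTE_ADDR'], $ALLOWED)) {
//     http_response_code(403);
//     exit('Sorry, the contact form is not available from your location.');
// }
```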
I run a forum and the number of spam signups was getting beyond the joke. I used to do as you have been doing and block the IPs but they always popped up again. The majority are from bots and most now can crack a Captcha. What has proved to be most effective is having a simple question and answer, I just have four that randomly rotate on each sign up. Haven't had a single spam sign up since I did it. http://www.xaprb.com/blog/2006/01/28/captchas-done-better/ gives an idea for PHP coding.
----- Original Message ----- From: "Ian Douglas" aluger@k1ngph1cher.com To: "ALUG List" main@lists.alug.org.uk Sent: Friday, November 18, 2011 9:25 AM Subject: [ALUG] How can I deny certain countries access to my website
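One way to build the rotating question-and-answer check described in the message above, as an added example that is not part of the original post. The four questions, their answers and the function names are constructed placeholders; a plain array stands in for `$_SESSION` so the block runs on the command line.

```php
<?php
// Added example (not from the thread): four rotating questions, bound to
// the visitor's session. Questions and answers are constructed placeholders.
function challenge_bank()
{
    return array(
        array('q' => 'What colour is grass?',              'a' => array('green')),
        array('q' => 'How many legs does a cat have?',     'a' => array('4', 'four')),
        array('q' => 'What is the first letter of Linux?', 'a' => array('l')),
        array('q' => 'Type the word "norfolk" backwards.', 'a' => array('klofron')),
    );
}

// Pick a question, remember which one in the session, return its text.
function issue_challenge(array &$session)
{
    $bank = challenge_bank();
    $session['challenge'] = mt_rand(0, count($bank) - 1);
    return $bank[$session['challenge']]['q'];
}

// Check the answer. The challenge is consumed whether or not it was right.
function check_challenge(array &$session, $answer)
{
    if (!isset($session['challenge']) || !is_string($answer)) {
        return false;              // posted without loading the form, or answer[]=...
    }
    $bank = challenge_bank();
    $expected = $bank[$session['challenge']]['a'];
    unset($session['challenge']);  // single use: a solved form cannot be replayed
    return in_array(strtolower(trim($answer)), $expected, true);
}

// Demonstration; in the form handler pass $_SESSION after session_start().
$s = array();
echo issue_challenge($s), "\n";               // text to print beside the input box
$s['challenge'] = 1;                          // pin the cat question for the demo
var_dump(check_challenge($s, ' Four '));      // correct answer, untidy input
var_dump(check_challenge($s, 'four'));        // replay of the same submission
$s['challenge'] = 0;
var_dump(check_challenge($s, array('green'))); // non-string POST value
```

Because the expected answer is looked up on the server from the session, nothing in the rendered form reveals it.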
On Fri, Nov 18, 2011 at 1:56 PM, Tony tony@ttiger.co.uk wrote:
> I run a forum and the number of spam signups was getting beyond the joke. I used to do as you have been doing and block the IPs but they always popped up again. The majority are from bots and most now can crack a Captcha. What has proved to be most effective is having a simple question and answer, I just have four that randomly rotate on each sign up. Haven't had a single spam sign up since I did it. http://www.xaprb.com/blog/2006/01/28/captchas-done-better/ gives an idea for PHP coding.
Have you noticed any drop off in the number of new user sign ups since you implemented the questions? It's surprising how many people can fail to answer even the most seemingly simple questions correctly.
"Tony" tony@ttiger.co.uk
> [...] The majority are from bots and most now can crack a Captcha. What has proved to be most effective is having a simple question and answer, I just have four that randomly rotate on each sign up. Haven't had a single spam sign up since I did it.
When they crack that, http://textcaptcha.com/ is probably the next step.
Trouble is, any sufficiently popular site will also attract human spammers, so you also need some anti-spam measures, like not letting people post links just because they've signed up (like: no homepage link in the profile until after they've made N links).
As well as most of them being fairly crackable automatically, image and sound captchas also block users with even fairly minor disabilities, so I think they probably make one fall foul of the Equality Act 2010, but I also think we're still waiting for case law.
Good luck!
On Fri, 18 Nov 2011 18:16:11 +0000 (GMT) MJ Ray mjr@phonecoop.coop allegedly wrote:
> "Tony" tony@ttiger.co.uk
> > [...] The majority are from bots and most now can crack a Captcha. What has proved to be most effective is having a simple question and answer, I just have four that randomly rotate on each sign up. Haven't had a single spam sign up since I did it.
> When they crack that, http://textcaptcha.com/ is probably the next step.
I quite like this one:
http://random.irb.hr/signup.php
But then it may discourage some real signups.
Mick
Oh bother. I sent it direct instead of to the list. Sorry.
I check $_SERVER["HTTP_REFERER"] at the top of the PHP in the contact form. If it's not set (i.e. blank) or it is not the URL of the page(a) with the "contact us" button on then I kick them back to page(a).
While not foolproof it deters most of the script kiddies.
Also you can pick up the .ru etc. from the referer and kick them out. If you are using apache2 with mod_rewrite enabled you have more but rather complicated options.
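The referer check described in the message above, as an added example that is not the poster's code. It compares scheme, host and path exactly, because a substring match would also accept look-alike URLs; `FORM_PAGE` and the sample values are constructed placeholders.

```php
<?php
// Added example (not from the thread). FORM_PAGE is a placeholder for
// "page(a)", the page that carries the "contact us" button.
define('FORM_PAGE', 'https://www.example.org/contact.html');

// True only when the Referer names exactly the form page (query string ignored).
function referer_is_form_page($referer, $formPage)
{
    if (!is_string($referer) || $referer === '') {
        return false;                         // header missing or blank
    }
    $r = parse_url($referer);
    $e = parse_url($formPage);
    if ($r === false || !isset($r['scheme'], $r['host'])) {
        return false;                         // not an absolute URL
    }
    $rpath = isset($r['path']) ? $r['path'] : '/';
    $epath = isset($e['path']) ? $e['path'] : '/';
    return strtolower($r['scheme']) === strtolower($e['scheme'])
        && strtolower($r['host']) === strtolower($e['host'])
        && $rpath === $epath;
}

// Constructed sample Referer values, including two that a plain
// strpos() test for the site name would wrongly accept.
$samples = array(
    'https://www.example.org/contact.html',
    'https://www.example.org/contact.html?from=home',
    '',
    'https://www.example.org.spam.example/contact.html',
    'https://spam.example/?u=https://www.example.org/contact.html',
);
foreach ($samples as $ref) {
    printf("%-62s %s\n", $ref === '' ? '(blank)' : $ref,
        referer_is_form_page($ref, FORM_PAGE) ? 'accept' : 'send back to form page');
}

// In the contact-form handler:
// $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// if (!referer_is_form_page($ref, FORM_PAGE)) {
//     header('Location: ' . FORM_PAGE, true, 303);
//     exit;
// }
```

The Referer header is supplied by the client, and some browsers or privacy tools omit it, so sending the visitor back to the form page rather than showing an error keeps the form usable for them.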
Hi Folks,
Thanks for all your interesting and useful suggestions. I will try some of them out tomorrow.
Thanks again for all your suggestions,
Ian.