[CLUE-Tech] precedence question - apache
Charles Oriez
coriez at oriez.org
Wed Aug 11 15:32:05 MDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have one of those search engine placement spammers hitting me, and I
don't have access to my ISP's firewall server.
Their intent is to get their supposed referrer web sites listed on my
webalizer stats page (and the webalizer stats pages of lots of other
people) so that google et al think there are lots of pages linking to them
because they are so popular.
The weird part is that this is wasted effort on their part, since I have my
robots.txt file set not to index my stats page, and the .htaccess file for
that directory only lets a limited number of local IPAs gain access to that
directory anyway.
So I have him blocked both with hosts.deny and with httpd.conf However, he
is still filling up my error_log and access_log, and to some extent wasting
my bandwidth. That has made me mildly annoyed.
First question:
What gets queried first as he comes in the door, hosts.deny or httpd.conf?
I have him blocked in both. I'm running Apache on Red Hat 9
Second question:
Digging through the doc on hosts deny, I can see that rather than routing
him to my 403 page I can execute any shell command I want whenever I get a
hit from that IPA. My evil twin suggested redirecting him to start the
auto download of the 284M service pack 2 for XP so that he can download
that 200 times a day (cogentco charges for excess bandwidth usage). That
probably wouldn't be fair to Microsoft though, so I won't. However, what I
really want is to come up with a shell command that will have a tarpit
effect on him, without costing me any, or very many, machine
cycles. Ideas, anyone?
- --
coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, and
shouting GERONIMO!!!" -- Bill McKenna, date unknown
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: created 6/26/04 expire 6/25/05 stored MIT & PGP.COM
iQA/AwUBQRqQVLiLNnC0cMkdEQLO+ACg5UHqUTYSF4mshgMYPYMP8NRXGNgAn1e8
phmm2xeVdi4+QimUxhY++iRP
=uR7t
-----END PGP SIGNATURE-----
More information about the clue-tech
mailing list