Blocking the internet underbelly from your server

(1 comment)

People selling unmentionables on the internet resort to spam. One example is the use of comments on Blog articles by robots to advertise pornography and disreputable medications. I have created several blogs, and if I enable comments without administrator approval, within several hours to a day the blog will be covered with thousands of comments advertising things you just don't want on your site.

So what do you do? You can use Akismet to spam filter your comments, but the bots are clever, and will find some other way to nail your site, and while they are hitting your server, they are consuming resources that could be available to legitimate traffic. How do you stop their access altogether? You will need to keep an eye on your site, and block IP ranges.

Generally when these bots go sick leaving comments on your site, they will tie up resources to the point where you get an error. When Django has a problem, it emails me as part of it's reporting capability. The information I get sent contains:

'REQUEST_URI': '/comment/',
'REMOTE_ADDR': '193.201.224.104',
'SERVER_NAME': 'djangowebsites.com.au',

Also, access to your webserver is recorded in your logs, and you can view the last 100 lines of your log file with

tail -100 /var/log/apache2/access.log | less

The first thing I want to do is find out is location of the attack, and for this I use one of the excellent IP Locators. Putting the IP in the site shows me a map of Sergii in the Ukraine. This whole class of addresses would belong to that region, and as I don't do much business there, I will generally block the 24 bit range of addresses. To do this in Ubuntu, either as root or with sudo:

root@brunel:~# iptables-save > /etc/iptables.rules
root@brunel:~# /sbin/iptables -I INPUT -s 193.201.224.0/24 -j DROP

As soon as you do this, every hit to your server from this IP range will be dropped.

Currently unrated

Comments

Jason Thorne 2 years, 8 months ago

Akismet is a Wordpress tool, but Mezzanine can utilise this spam filtering also

Link | Reply
Currently unrated

New Comment

required

required (not published)

optional