IMHO, why not use the web server for this? Most intelligent web servers
handle this for you, and if needed get Caudium http://www.caudium.net . I
know you can use it to do referrer-based denying.
No need to re-invent the wheel and bloat the scripts...
> The scripts do not do any HTTP_REFERRER checking, but that could easily
> be built in to any version of the scripts
>
> Charles Daminato
> TUCOWS Product Manager
> chuck@tucows.com
>
> On Thu, 13 Sep 2001, Matthew Asham wrote:
>
> > Since September 4th we've had 16987 identical requests from 24.27.115.199 to
> > our reg_system.cgi.
> >
> > The request is an HTTP/1.0 post request with
> > action=lookup&domain=somedomain.foo&affiliate_id=
> >
> > The UserAgent is reported as Mozilla Compatible (MS IE 3.01 WinNT) and
> > it sends a Host header even though it's doing an HTTP/1.0 request.
> >
> > A quick grep through a few minutes' worth of snort caps shows lookups
> > for many domain names: mmb.net, tdt.net, mof.com, aol.org, ugm.com,
> > byq.org, kof.org, y2k.net, 3fs.com, zvv.com, v2t.com, etc.
> >
> > The script is not hammering us at all (no doubt how they avoided
> > attention this long), requests are coming in at intervals of 4 seconds up
> > over a minute.
> >
> > I've already contacted RR about this, but I figured I'd mention it just in
> > case others are experiencing the same.
> >
> > Do the 2.4 scripts do HTTP_REFERER checking? If not, then I would really
> > like to see this get added in some build.
> >
> > Thanks and good night
> >
> > Matthew
> >
> > --
> > Matthew Asham, VE7UDP
> > Left Coast Systems Corp, SuperWebhost.com
> >
> >
> >
>
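
The traffic pattern described in the quoted report, as an added detection example that is not part of the original thread or of the scripts it discusses. The log layout, `OUR_HOST`, `MIN_LOOKUPS` and the client addresses are assumptions made for illustration; the sample records are constructed.

```python
from collections import defaultdict
from urllib.parse import urlparse

OUR_HOST = "www.example.com"  # assumption: host that serves the lookup form
MIN_LOOKUPS = 5               # assumption: whole-log threshold, tune to real traffic

# Constructed records: epoch secs, client IP, protocol, Host header sent, Referer, domain
SAMPLE = """\
1000 192.0.2.10 HTTP/1.0 yes - mmb.net
1004 192.0.2.10 HTTP/1.0 yes - tdt.net
1030 198.51.100.7 HTTP/1.1 yes http://www.example.com/register.html example.net
1065 192.0.2.10 HTTP/1.0 yes - mof.com
1090 192.0.2.10 HTTP/1.0 yes - aol.org
1150 192.0.2.10 HTTP/1.0 yes - ugm.com
1160 198.51.100.7 HTTP/1.1 yes http://www.example.com/register.html example.org
1215 192.0.2.10 HTTP/1.0 yes - byq.org
"""

def referer_ok(referer):
    """True only if the Referer names our own form host.
    Referer is client-supplied: it filters naive scripts, it is not authentication."""
    return referer != "-" and urlparse(referer).hostname == OUR_HOST

def find_bulk_lookups(log_text, min_lookups=MIN_LOOKUPS):
    """Return {ip: stats} for clients whose lookups look scripted.

    Counts over the whole log instead of per second, because a client that
    paces itself (seconds to over a minute between requests) stays under
    any short-window rate limit.
    """
    new = lambda: {"n": 0, "domains": set(), "bad_ref": 0,
                   "odd_proto": 0, "gaps": [], "last": None}
    per_ip = defaultdict(new)
    for line in log_text.splitlines():
        ts, ip, proto, host_sent, referer, domain = line.split()
        s = per_ip[ip]
        s["n"] += 1
        s["domains"].add(domain)
        s["bad_ref"] += not referer_ok(referer)
        # HTTP/1.0 plus a Host header is legal; record it only as a fingerprint
        s["odd_proto"] += (proto == "HTTP/1.0" and host_sent == "yes")
        if s["last"] is not None:
            s["gaps"].append(int(ts) - s["last"])
        s["last"] = int(ts)
    # Flag: many distinct domains and never a Referer from our own form
    return {ip: s for ip, s in per_ip.items()
            if len(s["domains"]) >= min_lookups and s["bad_ref"] == s["n"]}

if __name__ == "__main__":
    for ip, s in find_bulk_lookups(SAMPLE).items():
        print(ip, s["n"], "lookups, gaps", min(s["gaps"]), "to", max(s["gaps"]), "s")
```
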
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:36:42 EDT