[ic] Bad Robot 24 hour wait not doing it's job
peter at pajamian.dhs.org
Mon Sep 19 11:23:41 UTC 2011
On 18/09/11 06:29, Paul Jordan wrote:
> I get a literal TON of this:
> 220.127.116.11 - - [01/December/2010:18:26:32 +0000] XXXXXXXXXXXXXX/card/
> Too many IDs, 24 hour wait enforced.
> Notice it says it's going to enforce a 24 hour wait, but that same IP
> keeps at it. I've been informed that the Robots stuff isn't a very
> thorough defense for these.
Right, all it does is set the VendURL to localhost so that all the links
point to the wrong place. This obviously doesn't prevent further accesses.
> My question to everyone is what are you guys doing to block this
> traffic? There are repeatedly tons of these, and to me it's just stolen
> bandwidth and CPU cycles. Am I missing some standard everyone else is
> aware of, or is there any simple and creative ways to block these?
The way to do this is to set a lockout specialsub that writes an
iptables rule or just add lines to /etc/hosts.deny to block the traffic.
Of course such a rule would have to be removed 24 hours later.
More information about the interchange-users