Blocking Unwanted Visitors

© March 2009 Anthony Lawrence

Yesterday I happened to notice unusual web activity coming from a set of Hong Kong addresses. A half dozen ip addresses were walking my site, following every link.

I don't really get too upset by that sort of activity. I know that people around the world do that, sometimes to steal content but sometimes just so they can have a local cache. Sometimes it may be a previously unknown search engine collecting information. That's fine.. except..

Legitimate spidering programs should honor my robots.txt which asks them NOT to follow cgi links. This idiot program was using multiple ips and following all the "Comment" and "Printer Friendly" cgi links at a very rapid pace, slowing down the server for everyone else. I can't have that, so I added him to my "bad ip" list.

Most cgi scripts here have a section in them that looks like this:

$rip=$ENV{'REMOTE_ADDR'};
open(BADRIP,"$DATA/badrip");
while (<BADRIP>) {
 chomp;
 if ($rip =~ /^$_/) {
print <<EOF;
Content-type: text/html

<script language="javascript"><!--
location.replace("https://192.0.2.1")
//-->
</script>
EOF
   
exit 0;
 }
} 
close BADRIP;
 

The idea is to redirect him to something that won't resolve, thereby slowing him down. I could do the same thing with pages (and if he keeps on being annoying I will).

I don't leave the ip's in the "badrip" file for more than a few hours - these are almost always DHCP addresses that will recycle to someone else soon enough. Most of the time the "badrip" is empty; it's only when someone becomes really annoying that I use this.

We've talked about blocking by country before:
More ssh ideas
ARIN, APNIC, LAPNIC, RIPE

I don't want to arbitrarily block by country. Yes, an awful lot of "problem" access comes from Asian countries, but I don't see that as reason to lock out everyone from those ip blocks. There is a lot of Asian access because there are a lot of Asian people, and while some of the spidering may be for theft, it can also be for legitimate reasons (though legitimate spiders should be honoring my robots.txt). I'll just continue to handle it on a case by case basis.

You can also block IP's with .htaccess. Add this to your .htaccess file:

Order Allow,Deny

Deny from 211.13.67.89
Deny from 128.345.67.89

Allow from all
 

Those block specific IP's; block entire ranges by leaving off the specific octets:

Order Allow,Deny

Deny from 211.13

Allow from all
 

That blocks a lot of Japan.

Got something to add? Send me email.

---

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us