Re: new, not nice web bots disposal
On Wed, Feb 26, 2020 at 02:15:18PM -0500, Gene Heskett wrote:
> On Wednesday 26 February 2020 13:54:09 Reco wrote:
>
> > Hi.
> >
> > On Wed, Feb 26, 2020 at 01:50:40PM -0500, Lee wrote:
> > > On 2/26/20, Gene Heskett <gheskett@shentel.net> wrote:
> > > > over the last 90 days or so, we seem to have been plauged with a
> > > > new breed of bots scanning our web pages, and they are not just
> > > > indexing our web pages I don't mind that, but they are ignoring
> > > > our robots.txt and are mirroring anything apache2 can reach,
> > > > including stuff thats there but not reachable by a normal browser
> > > > just looking around and clicking on links.
> > >
> > > <.. snip ..>
> > >
> > > > To add a new rule, covering that whole 256 address block because
> > > > they seem to have a random address, changed about weekly, in that
> > > > block:
> > > >
> > > > root@coyote:iptables$ cat iptables-add
> > > >
> > > > #!/bin/bash
> > > > iptables -I INPUT -s add.ress.to.block/24 -j DROP
> > >
> > > Have you considered REJECT instead of DROP?
> >
> > A neat idea for your LAN. A bad idea in this case.
> >
> > You *want* that other side to retry, wasting their time instead of
> > spamming their target. In fact, one should consider using TARPIT
> > instead of a DROP here.
>
> Now thats a thought, does it take much fiddling to set that up? Links to
> tuts plz.
You have to use testing or sid for that. [1] is a place to start,
[2] will be needed too.
[1] https://packages.debian.org/bullseye/xtables-addons-dkms
[2] https://packages.debian.org/bullseye/xtables-addons-common
Reco
Reply to: