Re: new, not nice web bots disposal

To: debian-user@lists.debian.org
Subject: Re: new, not nice web bots disposal
From: Gene Heskett <gheskett@shentel.net>
Date: Wed, 26 Feb 2020 14:48:56 -0500
Message-id: <[🔎] 202002261448.56830.gheskett@shentel.net>
In-reply-to: <[🔎] E1j72FQ-0008Fy-E9@enotuniq.net>
References: <[🔎] 202002260357.51369.gheskett@shentel.net> <[🔎] 202002261415.18196.gheskett@shentel.net> <[🔎] E1j72FQ-0008Fy-E9@enotuniq.net>

On Wednesday 26 February 2020 14:21:31 Reco wrote:

> On Wed, Feb 26, 2020 at 02:15:18PM -0500, Gene Heskett wrote:
> > On Wednesday 26 February 2020 13:54:09 Reco wrote:
> > > 	Hi.
> > >
> > > On Wed, Feb 26, 2020 at 01:50:40PM -0500, Lee wrote:
> > > > On 2/26/20, Gene Heskett <gheskett@shentel.net> wrote:
> > > > > over the last 90 days or so, we seem to have been plauged with
> > > > > a new breed of bots scanning our web pages, and they are not
> > > > > just indexing our web pages I don't mind that, but they are
> > > > > ignoring our robots.txt and are  mirroring anything apache2
> > > > > can reach, including stuff thats there but not reachable by a
> > > > > normal browser just looking around and clicking on links.
> > > >
> > > >   <.. snip ..>
> > > >
> > > > > To add a new rule, covering that whole 256 address block
> > > > > because they seem to have a random address, changed about
> > > > > weekly, in that block:
> > > > >
> > > > > root@coyote:iptables$ cat iptables-add
> > > > >
> > > > > #!/bin/bash
> > > > > iptables -I INPUT -s add.ress.to.block/24 -j DROP
> > > >
> > > > Have you considered REJECT instead of DROP?
> > >
> > > A neat idea for your LAN. A bad idea in this case.
> > >
> > > You *want* that other side to retry, wasting their time instead of
> > > spamming their target. In fact, one should consider using TARPIT
> > > instead of a DROP here.
> >
> > Now thats a thought, does it take much fiddling to set that up? 
> > Links to tuts plz.
>
> You have to use testing or sid for that. [1] is a place to start,
> [2] will be needed too.
>
> [1] https://packages.debian.org/bullseye/xtables-addons-dkms
> [2] https://packages.debian.org/bullseye/xtables-addons-common
>
> Reco

Ahh, and I'm still on stretch, 9-11 so I'll have to start by upgrading to 
buster.  Is there a recipe for that, its about time and I am beginning 
to like what I see of buster on an rpi4b. I've been dragging my feet 
waiting for the linuxcnc guys to spin a buster install iso, but lots of 
python stuff has disappeared, making it very difficult to make all its 
toys work on buster. If my results of building it on buster are any 
indication, there's likely 20+ python libraries we'll have to assume 
support for just for x86 stuffs.

My machines that are running machines don't have near as much 
gingerbready stuff installed, so they will be easier than this one to 
update.  And the rest are still on wheezy. But I'm not too worried, I've 
got dd-wrt between me and the black hat crowd.

All the other tarpit thingies I've looked at take more work than I've 
time to play setting them up.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply to:

References:
- new, not nice web bots disposal
  - From: Gene Heskett <gheskett@shentel.net>
- Re: new, not nice web bots disposal
  - From: Gene Heskett <gheskett@shentel.net>
- Re: new, not nice web bots disposal
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: new, not nice web bots disposal
Next by Date: linq
Previous by thread: Re: new, not nice web bots disposal
Next by thread: Re: new, not nice web bots disposal
Index(es):
- Date
- Thread