Is Abyss V 2.7 Ban different than Host's IP address control

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
Axis
-


Joined: 29 Sep 2003
Posts: 336

PostPosted: Fri Jul 29, 2011 12:51 am    Post subject: Is Abyss V 2.7 Ban different than Host's IP address control Reply with quote

Does Abyss V 2.7 "Ban" via the Anti-Hacking feature differ from Host's IP Address Control (which responds with a 403 Forbidden)? In other words, do "banned" IP addresses get a 403 error or are they just getting completely shut off from the site (and probably getting a "can't connect to server" if they are using a browser and a not-much if they are a robot.

Secondly, in abyss.conf is there a place that holds the Banned IP or is that somewhere else inaccessible?

If above is yes, where in abyss.conf would that IP reside?

*Below is a long story you don't have to read but might want to if you ever decide to offer nph-proxy or cgi-proxy on your site*

My need to know is based on running nph-proxy (or cgi-proxy) in "text only" mode years ago when I was trying to help international users behind government firewalls, etc. I discovered it was becoming completely taken over by search robots, even the biggies like Yahoo and Baidu (they were fixed by my robots.txt) but other bots have it coded it into their systems. I have had cgi-proxy removed and robots have latched on to it and they have been getting 404's for *YEARS* and still do not stop.

Finally, I decided I would at least mess with their databases so instead of them getting a 404 (which they might interpret as the supposed page requested through cgi-proxy), I renamed a re-direct perl script to "cgi-proxy" and have it instantly display not a 404 but a safe_surf_has_ended.html page where I kind of tell them off for being such stupid robots ;-) for any human who just may end of reading it and after 30 sec. they are redirected for a third time to a page on my site through a meta-refresh. Ok, long story. The robots don't get meta-refreshed and the safe_surf_has_ended.html is just slightly larger than the default abyss 404 page so I am no worse than I have been before. But I don't want to mess with a firewall on a server and making thirty thousand exceptions in a production environment. AVG's resident shield has stopped anything malicious. But it would be nice to get some handle on a way of handling ip addresses that just don't care if they get a 403 or 404 so I ask about the Anti-Hack Ban feature.

Regards,
Axis (whoa, that was longer than I intended)
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Fri Jul 29, 2011 11:22 am    Post subject: Re: Is Abyss V 2.7 Ban different than Host's IP address cont Reply with quote

Axis wrote:
Does Abyss V 2.7 "Ban" via the Anti-Hacking feature differ from Host's IP Address Control (which responds with a 403 Forbidden)? In other words, do "banned" IP addresses get a 403 error or are they just getting completely shut off from the site (and probably getting a "can't connect to server" if they are using a browser and a not-much if they are a robot.


Yes, that's exactly how it works. Normal IP allow/deny rules generate Error 403 and disallowed IPs get a response. But anti-hacking does not send such a response and immediately closes the connection from banned IPs. That's an effective way to respond since an offending IP can just open a connection, and the server should wait for the request (which can take minutes to be sent if targeted by a malicious robot) before being able to send a HTTP error. Meanwhile, a connection is held by that robot and if you set your maximum number of connections to 100 and have 100 open connections with slow requests, your server could become unresponsive for the rest of the world. That's why we decided to close the connection immediately if it is identified from a banned IP (without even bothering to send a clear response).

Quote:
Secondly, in abyss.conf is there a place that holds the Banned IP or is that somewhere else inaccessible?

If above is yes, where in abyss.conf would that IP reside?


This information is stored in the file persist.data .

Quote:
*Below is a long story you don't have to read but might want to if you ever decide to offer nph-proxy or cgi-proxy on your site*

My need to know is based on running nph-proxy (or cgi-proxy) in "text only" mode years ago when I was trying to help international users behind government firewalls, etc. I discovered it was becoming completely taken over by search robots, even the biggies like Yahoo and Baidu (they were fixed by my robots.txt) but other bots have it coded it into their systems. I have had cgi-proxy removed and robots have latched on to it and they have been getting 404's for *YEARS* and still do not stop.

Finally, I decided I would at least mess with their databases so instead of them getting a 404 (which they might interpret as the supposed page requested through cgi-proxy), I renamed a re-direct perl script to "cgi-proxy" and have it instantly display not a 404 but a safe_surf_has_ended.html page where I kind of tell them off for being such stupid robots ;-) for any human who just may end of reading it and after 30 sec. they are redirected for a third time to a page on my site through a meta-refresh. Ok, long story. The robots don't get meta-refreshed and the safe_surf_has_ended.html is just slightly larger than the default abyss 404 page so I am no worse than I have been before. But I don't want to mess with a firewall on a server and making thirty thousand exceptions in a production environment. AVG's resident shield has stopped anything malicious. But it would be nice to get some handle on a way of handling ip addresses that just don't care if they get a 403 or 404 so I ask about the Anti-Hack Ban feature.

Regards,
Axis (whoa, that was longer than I intended)


It is difficult to detect visitors (or bots) which do not care for errors. One should have a very complex algorithm to decide if the logged URLs are from a bot or from a human and if this is an attack. It's like profiling a criminal: there isn't a single profile, there are many.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Axis
-


Joined: 29 Sep 2003
Posts: 336

PostPosted: Fri Jul 29, 2011 4:12 pm    Post subject: Reply with quote

Thank you admin--

That was just what I was wanting to know.

Kind Regards, (and thanks again for the help priority support provided in moving my site and the URL Rewrite Rule they gave me---Google just would not index anything on a no-ip address, though Bing would...mainly through Yahoo. Now Google is indexing my site)

Axis
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Sat Aug 13, 2011 12:22 am    Post subject: Reply with quote

Axis,

You're welcome. Glad to know that the URL rewriting rules are working fine now.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group