View previous topic :: View next topic |
Author |
Message |
Axis -
Joined: 29 Sep 2003 Posts: 336
|
Posted: Fri Jul 29, 2011 12:51 am Post subject: Is Abyss V 2.7 Ban different than Host's IP address control |
|
|
Does Abyss V 2.7 "Ban" via the Anti-Hacking feature differ from Host's IP Address Control (which responds with a 403 Forbidden)? In other words, do "banned" IP addresses get a 403 error or are they just getting completely shut off from the site (and probably getting a "can't connect to server" if they are using a browser and a not-much if they are a robot.
Secondly, in abyss.conf is there a place that holds the Banned IP or is that somewhere else inaccessible?
If above is yes, where in abyss.conf would that IP reside?
*Below is a long story you don't have to read but might want to if you ever decide to offer nph-proxy or cgi-proxy on your site*
My need to know is based on running nph-proxy (or cgi-proxy) in "text only" mode years ago when I was trying to help international users behind government firewalls, etc. I discovered it was becoming completely taken over by search robots, even the biggies like Yahoo and Baidu (they were fixed by my robots.txt) but other bots have it coded it into their systems. I have had cgi-proxy removed and robots have latched on to it and they have been getting 404's for *YEARS* and still do not stop.
Finally, I decided I would at least mess with their databases so instead of them getting a 404 (which they might interpret as the supposed page requested through cgi-proxy), I renamed a re-direct perl script to "cgi-proxy" and have it instantly display not a 404 but a safe_surf_has_ended.html page where I kind of tell them off for being such stupid robots ;-) for any human who just may end of reading it and after 30 sec. they are redirected for a third time to a page on my site through a meta-refresh. Ok, long story. The robots don't get meta-refreshed and the safe_surf_has_ended.html is just slightly larger than the default abyss 404 page so I am no worse than I have been before. But I don't want to mess with a firewall on a server and making thirty thousand exceptions in a production environment. AVG's resident shield has stopped anything malicious. But it would be nice to get some handle on a way of handling ip addresses that just don't care if they get a 403 or 404 so I ask about the Anti-Hack Ban feature.
Regards,
Axis (whoa, that was longer than I intended) |
|
Back to top |
|
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1296
|
Posted: Fri Jul 29, 2011 11:22 am Post subject: Re: Is Abyss V 2.7 Ban different than Host's IP address cont |
|
|
Axis wrote: | Does Abyss V 2.7 "Ban" via the Anti-Hacking feature differ from Host's IP Address Control (which responds with a 403 Forbidden)? In other words, do "banned" IP addresses get a 403 error or are they just getting completely shut off from the site (and probably getting a "can't connect to server" if they are using a browser and a not-much if they are a robot. |
Yes, that's exactly how it works. Normal IP allow/deny rules generate Error 403 and disallowed IPs get a response. But anti-hacking does not send such a response and immediately closes the connection from banned IPs. That's an effective way to respond since an offending IP can just open a connection, and the server should wait for the request (which can take minutes to be sent if targeted by a malicious robot) before being able to send a HTTP error. Meanwhile, a connection is held by that robot and if you set your maximum number of connections to 100 and have 100 open connections with slow requests, your server could become unresponsive for the rest of the world. That's why we decided to close the connection immediately if it is identified from a banned IP (without even bothering to send a clear response).
Quote: | Secondly, in abyss.conf is there a place that holds the Banned IP or is that somewhere else inaccessible?
If above is yes, where in abyss.conf would that IP reside?
|
This information is stored in the file persist.data .
Quote: | *Below is a long story you don't have to read but might want to if you ever decide to offer nph-proxy or cgi-proxy on your site*
My need to know is based on running nph-proxy (or cgi-proxy) in "text only" mode years ago when I was trying to help international users behind government firewalls, etc. I discovered it was becoming completely taken over by search robots, even the biggies like Yahoo and Baidu (they were fixed by my robots.txt) but other bots have it coded it into their systems. I have had cgi-proxy removed and robots have latched on to it and they have been getting 404's for *YEARS* and still do not stop.
Finally, I decided I would at least mess with their databases so instead of them getting a 404 (which they might interpret as the supposed page requested through cgi-proxy), I renamed a re-direct perl script to "cgi-proxy" and have it instantly display not a 404 but a safe_surf_has_ended.html page where I kind of tell them off for being such stupid robots ;-) for any human who just may end of reading it and after 30 sec. they are redirected for a third time to a page on my site through a meta-refresh. Ok, long story. The robots don't get meta-refreshed and the safe_surf_has_ended.html is just slightly larger than the default abyss 404 page so I am no worse than I have been before. But I don't want to mess with a firewall on a server and making thirty thousand exceptions in a production environment. AVG's resident shield has stopped anything malicious. But it would be nice to get some handle on a way of handling ip addresses that just don't care if they get a 403 or 404 so I ask about the Anti-Hack Ban feature.
Regards,
Axis (whoa, that was longer than I intended) |
It is difficult to detect visitors (or bots) which do not care for errors. One should have a very complex algorithm to decide if the logged URLs are from a bot or from a human and if this is an attack. It's like profiling a criminal: there isn't a single profile, there are many. _________________ Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
Back to top |
|
|
Axis -
Joined: 29 Sep 2003 Posts: 336
|
Posted: Fri Jul 29, 2011 4:12 pm Post subject: |
|
|
Thank you admin--
That was just what I was wanting to know.
Kind Regards, (and thanks again for the help priority support provided in moving my site and the URL Rewrite Rule they gave me---Google just would not index anything on a no-ip address, though Bing would...mainly through Yahoo. Now Google is indexing my site)
Axis |
|
Back to top |
|
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1296
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|