Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder
    Join Date
    Mar 2011
    Posts
    164
    Thanks
    7
    Thanked 0 Times in 0 Posts

    How effective .htaccess at blocking countries?

    Is it a waste of time or does it stop the script kiddy russians and chinese?

    I have installed the block Russia script since no one there or other blocked countries have any interest in my site - (no offense to those fine folks) but are we wasting our time with this generic script?

  • #2
    New to the CF scene
    Join Date
    Jun 2011
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by listerdl View Post
    Is it a waste of time or does it stop the script kiddy russians and chinese?

    I have installed the block Russia script since no one there or other blocked countries have any interest in my site - (no offense to those fine folks) but are we wasting our time with this generic script?
    I am wondering the same thing.

    Is it a script that is passing things like "\xc3\xee/n\x80l\x99\xadZ\xccZ\xccZ\xe8\x14Q"\xcc\x9c\xabe'\xe0\x9d\xbe\x90\xaa\x01F\xd4\x89*\x10?\xca\xbc\xa5 H\x16z\x0c\xa0\x01<\xa0\xd1s" 400 520 "-" "-" ????

    to which my apache replies [error] [client 70.119.156.172] request failed: error reading the headers.

    That IP is out of FLORIDA,USA this time and it sure looks like an attack to me. So if the block works, they will just proxy and attack from within?

  • #3
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Quote Originally Posted by listerdl View Post
    Is it a waste of time or does it stop the script kiddy russians and chinese?
    You are wasting your time if you are using an IP block thinking that it is going to be effective against a targeted attack. A better approach is to have several layers of protection. For example, using mod_security with a good ruleset will block ~99% of those types of requests, but if you have an insecure application or bad security practices you can still get exploited. Always make backups in addition to your proactive security measures. There is no universal solution for security, though.

    Quote Originally Posted by cernst77 View Post
    That IP is out of FLORIDA,USA this time and it sure looks like an attack to me. So if the block works, they will just proxy and attack from within?
    Well, you certainly can't block an IP and think you are done. You might stop that one IP from accessing your server, but script kiddies are scanning IP blocks constantly for weaknesses and will almost certainly be able to proxy through another server they have exploited and reach your site. That is not to say the requests you guys are getting are specifically after you. They are likely part of a larger scan of your network.

  • #4
    Regular Coder
    Join Date
    Mar 2011
    Posts
    164
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Is it fairly straightforward to install modsecurity?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •