
View Full Version : How effective .htaccess at blocking countries?



listerdl
06-14-2011, 03:42 PM
Is it a waste of time or does it stop the script kiddy Russians and Chinese?

I have installed the block Russia script since no one there or other blocked countries have any interest in my site - (no offense to those fine folks) but are we wasting our time with this generic script?

cernst77
06-14-2011, 05:11 PM
> Is it a waste of time or does it stop the script kiddy Russians and Chinese?
>
> I have installed the block Russia script since no one there or other blocked countries have any interest in my site - (no offense to those fine folks) but are we wasting our time with this generic script?

I am wondering the same thing.

Is it a script that is passing things like "\xc3\xee/n\x80l\x99\xadZ\xccZ\xccZ\xe8\x14Q"\xcc\x9c\xabe'\xe0\x9d\xbe\x90\xaa\x01F\xd4\x89*\x10?\xca\xbc\xa5H\x16z\x0c\xa0\x01<\xa0\xd1s" 400 520 "-" "-" ????

to which my Apache replies [error] [client 70.119.156.172] request failed: error reading the headers.

That IP is out of FLORIDA, USA this time and it sure looks like an attack to me. So if the block works, they will just proxy and attack from within?

Inigoesdr
06-14-2011, 05:57 PM
> Is it a waste of time or does it stop the script kiddy Russians and Chinese?

You are wasting your time if you are using an IP block thinking that it is going to be effective against a targeted attack. A better approach is to have several layers of protection. For example, using mod_security with a good ruleset will block ~99% of those types of requests, but if you have an insecure application or bad security practices you can still get exploited. Always make backups in addition to your proactive security measures. There is no universal solution for security, though.


> That IP is out of FLORIDA, USA this time and it sure looks like an attack to me. So if the block works, they will just proxy and attack from within?

Well, you certainly can't block an IP and think you are done. You might stop that one IP from accessing your server, but script kiddies are scanning IP blocks constantly for weaknesses and will almost certainly be able to proxy through another server they have exploited and reach your site. That is not to say the requests you guys are getting are specifically after you. They are likely part of a larger scan of your network.
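
An added example, not part of the thread or any poster's code: a Python triage of access-log lines like the one quoted above, counting per client the non-HTTP request lines that Apache already answered with 400, whatever country the IP maps to. It assumes the Apache combined log format; the log lines, IPs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache combined log format. The request field is matched greedily so stray
# quotes inside a garbage request line do not break the parse.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)
HTTP_REQ_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')   # e.g. GET / HTTP/1.1
ESCAPED_BYTE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')      # raw bytes logged as \xhh

# Constructed sample lines (documentation-range IPs, made-up bytes).
SAMPLE_LOG = r'''
192.0.2.10 - - [14/Jun/2011:17:02:11 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jun/2011:17:03:40 -0400] "\xc3\xee/n\x80l\x99\xadZ\xccZ" 400 520 "-" "-"
198.51.100.7 - - [14/Jun/2011:17:03:41 -0400] "\x8f\x02"\xcc\x9c\xab" 400 520 "-" "-"
203.0.113.5 - - [14/Jun/2011:17:04:02 -0400] "GET /admin.php?id=1 HTTP/1.0" 404 310 "-" "-"
'''

def classify(req):
    """Label a logged request line: 'http', 'binary' (non-HTTP bytes) or 'malformed'."""
    if HTTP_REQ_RE.match(req):
        return "http"
    if ESCAPED_BYTE_RE.search(req):
        return "binary"
    return "malformed"

def triage(log_text):
    """Count log entries per (client IP, request class, status code)."""
    summary = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            summary[(m["ip"], classify(m["req"]), m["status"])] += 1
    return summary

def rejected_by_apache(summary):
    """Per-IP count of non-HTTP request lines that Apache itself answered with 400."""
    out = Counter()
    for (ip, kind, status), n in summary.items():
        if kind != "http" and status == "400":
            out[ip] += n
    return dict(out)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, count in sorted(result.items()):
        print(key, count)
    print("rejected with 400:", rejected_by_apache(result))
```

Entries classified as `http` are the ones that were parsed as real requests and passed on to the site, so they are where application-level review belongs.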

listerdl
06-18-2011, 04:52 AM
Is it fairly straightforward to install modsecurity?


