Go Back   CodingForums.com > :: Server side development > Apache configuration
Reload this Page How effective .htaccess at blocking countries?

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rate Thread
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 06-14-2011, 02:42 PM   PM User | #1
listerdl
Regular Coder

 
Join Date: Mar 2011
Posts: 157
Thanks: 7
Thanked 0 Times in 0 Posts
listerdl is an unknown quantity at this point
How effective .htaccess at blocking countries?
Is it a waste of time or does it stop the script kiddy russians and chinese?

I have installed the block Russia script since no one there or other blocked countries have any interest in my site - (no offense to those fine folks) but are we wasting our time with this generic script?
listerdl is offline   Reply With Quote
Old 06-14-2011, 04:11 PM   PM User | #2
cernst77
New to the CF scene

 
Join Date: Jun 2011
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
cernst77 is an unknown quantity at this point
Quote:
Originally Posted by listerdl View Post
Is it a waste of time or does it stop the script kiddy russians and chinese?

I have installed the block Russia script since no one there or other blocked countries have any interest in my site - (no offense to those fine folks) but are we wasting our time with this generic script?
I am wondering the same thing.

Is it a script that is passing things like "\xc3\xee/n\x80l\x99\xadZ\xccZ\xccZ\xe8\x14Q"\xcc\x9c\xabe'\xe0\x9d\xbe\x90\xaa\x01F\xd4\x89*\x10?\xca\xbc\xa5 H\x16z\x0c\xa0\x01<\xa0\xd1s" 400 520 "-" "-" ????

to which my apache replies [error] [client 70.119.156.172] request failed: error reading the headers.

That IP is out of FLORIDA,USA this time and it sure looks like an attack to me. So if the block works, they will just proxy and attack from within?
cernst77 is offline   Reply With Quote
Old 06-14-2011, 04:57 PM   PM User | #3
Inigoesdr
Super Moderator


 
Inigoesdr's Avatar
 
Join Date: Mar 2007
Location: Florida, USA
Posts: 3,601
Thanks: 2
Thanked 397 Times in 390 Posts
Inigoesdr is a jewel in the roughInigoesdr is a jewel in the roughInigoesdr is a jewel in the rough
Quote:
Originally Posted by listerdl View Post
Is it a waste of time or does it stop the script kiddy russians and chinese?
You are wasting your time if you are using an IP block thinking that it is going to be effective against a targeted attack. A better approach is to have several layers of protection. For example, using mod_security with a good ruleset will block ~99% of those types of requests, but if you have an insecure application or bad security practices you can still get exploited. Always make backups in addition to your proactive security measures. There is no universal solution for security, though.

Quote:
Originally Posted by cernst77 View Post
That IP is out of FLORIDA,USA this time and it sure looks like an attack to me. So if the block works, they will just proxy and attack from within?
Well, you certainly can't block an IP and think you are done. You might stop that one IP from accessing your server, but script kiddies are scanning IP blocks constantly for weaknesses and will almost certainly be able to proxy through another server they have exploited and reach your site. That is not to say the requests you guys are getting are specifically after you. They are likely part of a larger scan of your network.
Inigoesdr is offline   Reply With Quote
Old 06-18-2011, 03:52 AM   PM User | #4
listerdl
Regular Coder

 
Join Date: Mar 2011
Posts: 157
Thanks: 7
Thanked 0 Times in 0 Posts
listerdl is an unknown quantity at this point
Is it fairly straightforward to install modsecurity?
listerdl is offline   Reply With Quote
Reply

Bookmarks

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 11:18 AM.
Advertisement
Log in to turn off these ads.