What about adding the IP into the /etc/hosts.deny file?
I don't know if Apache uses TCP wrappers, but if it does then this would be an easy solution.
I think the best solution is to use iptables though, because you should really already be running it on anything that is public facing.

Just my thoughts though.



On Mon, Jul 26, 2010 at 12:21 PM, Jason Holtzapple <ml@bitflip.net> wrote:
On 07/26/2010 12:10 PM, Mark Phillips wrote:
> I have a server running a school newspaper site. I keep getting hit from
> a server in Belgrade with a bad request, which creates an error and
> causes my database to grow by 1MB/hit. I am trying to track down the bug
> in the database, so my question is really about getting the guy to stop
> hitting my server with this request.
>
> The IP for the request is 212.95.54.48, and I think it is a spider as I
> get other requests from this IP for my site map, contacts page, etc. I
> looked up the IP and I got this from Whois:
> ...
>
> What is the best way to handle this? Send an email to abuse@inferno.name,
> or am I just inviting more abuse? Is there
> a way for apache to block these addresses before it hits my site (apache
> is in front of a plone/zope combination)? I have a robots.txt file at
> the root of my site...

You can block this at your gateway router, your server's firewall
(iptables), or in apache's configuration file. See the Allow and Deny
directives: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html

Personally, I've never had much luck with abuse addresses except with
large reputable companies.
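
The two server-side blocks suggested in this thread, as an added example that is not part of the original messages: a dry-run script that validates the address and prints an iptables rule plus an Apache 2.2 mod_authz_host stanza. The function names, port 80 and the `<Location />` scope are assumptions; /etc/hosts.deny is left out because Apache httpd does not consult TCP wrappers.

```shell
#!/bin/sh
# Added example (not from the thread): prints the block rules, applies nothing.
# An administrator reviews the output before installing it.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so a
# malformed value copied from a log never reaches a rule or config file.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# iptables_rule ADDR: print a rule that drops the address's web traffic at
# the host firewall, before Apache or Zope spend any work on the request.
# Port 80 is an assumption about where Apache listens.
iptables_rule() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    echo "iptables -I INPUT -s $1 -p tcp --dport 80 -j DROP"
}

# apache_deny ADDR: print an Apache 2.2 stanza using the Allow and Deny
# directives. With "Order Allow,Deny" the Deny line wins for a matching
# client, which gets 403 Forbidden and is never proxied to the backend.
apache_deny() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    cat <<EOF
<Location />
    Order Allow,Deny
    Allow from all
    Deny from $1
</Location>
EOF
}

# Dry run for the address named in the thread.
iptables_rule 212.95.54.48
apache_deny 212.95.54.48
```

The iptables rule drops packets silently and leaves no entry in the Apache access log, while the Apache stanza keeps logging each refused request as a 403, which helps when checking whether the requests have stopped.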


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss