Script to block IPs - GoFuckYourself.com

yikester · 09-13-2004, 08:15 PM

Hi!
Anybody know of a script that can block IPs receiving a 401 response from the webserver for a certain time? To slow down a DDOS...

Babaganoosh · 09-13-2004, 08:16 PM

.htaccess

yikester · 09-13-2004, 08:19 PM

Yes. But something needs to detect that. I'm looking for a script that does this.

A DDOS comes from a lot of IPs....

uchase/webpry · 09-13-2004, 08:21 PM

try:

/sbin/route add -host XXX.XXX.XXX.XXX 127.0.0.1

yikester · 09-13-2004, 08:25 PM

Come on guys... I know how to block an IP. :-)

I'm looking for a script that watches HTTP response 401, builds a table, counts the 401s and then pulls the plug for that IP.

zentz · 09-13-2004, 08:49 PM

Quote:

Originally posted by Armed & Hammered
.htaccess

Doc911 · 09-13-2004, 09:04 PM

Quote:

Originally posted by yikester
Come on guys... I know how to block an IP. :-)

I'm looking for a script that watches HTTP response 401, builds a table, counts the 401s and then pulls the plug for that IP.

if the http response is 401 it didn't read the script silly. so how exactly did you want to the script to run? locally parcing your log files? hows the script gonna block those ips when it never gets a chance to respond to the http request to begin with? do you have a firewall that reads configuration constantly from a text file or SQL database?

Lane · 09-13-2004, 09:13 PM

www.proxypass.com

yikester · 09-13-2004, 09:15 PM

I've found a solution using a custom error handler recording the failed attempts and telling the firewall what to block. But it needs to be developed furtther.

If anybody knows a solution ready to use, please drop a line.

yikester · 09-13-2004, 09:24 PM

Quote:

Originally posted by Lane
www.proxypass.com

That was a good one. Thanks!

09-13-2004, 08:15 PM	#1
yikester Registered User Join Date: Nov 2002 Posts: 49	Script to block IPs Hi! Anybody know of a script that can block IPs receiving a 401 response from the webserver for a certain time? To slow down a DDOS...

09-13-2004, 08:16 PM	#2
Babaganoosh ♥♥♥ Likes Hugs ♥♥♥ Industry Role: Join Date: Nov 2001 Location: /home Posts: 15,841	.htaccess __________________ I like pie.

09-13-2004, 09:13 PM	#8
Lane Will code for food... Join Date: Apr 2001 Location: Buckeye, AZ Posts: 8,496	www.proxypass.com __________________

09-13-2004, 08:19 PM	#3
yikester Registered User Join Date: Nov 2002 Posts: 49	Yes. But something needs to detect that. I'm looking for a script that does this. A DDOS comes from a lot of IPs....

09-13-2004, 08:21 PM	#4
uchase/webpry So Fucking Banned Join Date: Aug 2004 Location: Do you use sex.com's XML feed, try ours and make double the money. Posts: 2,085	try: /sbin/route add -host XXX.XXX.XXX.XXX 127.0.0.1

09-13-2004, 08:25 PM	#5
yikester Registered User Join Date: Nov 2002 Posts: 49	Come on guys... I know how to block an IP. :-) I'm looking for a script that watches HTTP response 401, builds a table, counts the 401s and then pulls the plug for that IP.

09-13-2004, 09:15 PM	#9
yikester Registered User Join Date: Nov 2002 Posts: 49	I've found a solution using a custom error handler recording the failed attempts and telling the firewall what to block. But it needs to be developed furtther. If anybody knows a solution ready to use, please drop a line.