Sean Sheridan on 7 Mar 2011 15:26:20 -0800



[PLUG] preventing access


Hello,



Over the last month I've been attacked by robots.  These robots appear to
want to post spam through contact forms on my website; they've hit several
domains.

So they head to my contact page and fill in the HTML contact form which
processes and sends mail.  I record the client IP address when they
submit.

This is the attacker:

      Email: email@gmail.com
      IP Address: 91.201.66.76
      Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)


So I do two things to fend off this bot:
1) I block anyone posting as email@gmail.com and log the event.
(Today they moved to "emai1l@gmail.com")
2) I thought I was blocking future contact with:

iptables -A INPUT -s 91.201.66.76 -j DROP
service iptables save

This appears to do nothing as the bot keeps on filling in the forms day
after day.  So my question is, why does this iptables command seem to not
work?

A better question is, what is the best way to prevent a specific IP
address from connecting short of having to add each IP addy to a table?

Should I be thinking about some kind of fail2ban recipe?



Sean C. Sheridan
Campus Party, Inc.
http://www.CampusClients.com
http://www.CampusParty.com
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
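
Added example, not part of the original post: `iptables -A` appends to the end of the chain and the first matching terminal rule wins, so a DROP appended after an existing ACCEPT for port 80 never sees the traffic. The post does not show the ruleset, so the `iptables -S INPUT` listing below is constructed and the ordering problem is an assumption; `first_verdict` is a hypothetical helper.

```shell
#!/bin/sh
# Added example. Reads `iptables -S INPUT` output on stdin and prints
# "N:TARGET" for the first rule that decides a NEW tcp connection.
# Simplifications: -s is matched only as an exact address; negated
# matches and user-defined chains are not interpreted.
first_verdict() {  # usage: first_verdict SRC_IP DPORT < rules
    awk -v ip="$1" -v port="$2" '
    $1 != "-A" { next }                    # skip the -P policy line
    {
        n++; src = proto = dport = iface = state = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        sub(/\/32$/, "", src)
        if (src != "" && src != ip) next       # other source address
        if (iface == "lo") next                # loopback only
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != port) next
        if (state != "" && state !~ /NEW/) next
        if (target == "") next
        print n ":" target; exit               # first match decides
    }'
}

# Constructed sample ruleset (an assumption, not taken from the post).
POLICY='-P INPUT ACCEPT'
RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
BLOCK='-A INPUT -s 91.201.66.76/32 -j DROP'

# DROP appended last (what -A does) versus placed first (what -I INPUT 1 does).
verdict_appended() { printf '%s\n' "$POLICY" "$RULES" "$BLOCK" | first_verdict 91.201.66.76 80; }
verdict_inserted() { printf '%s\n' "$POLICY" "$BLOCK" "$RULES" | first_verdict 91.201.66.76 80; }

echo "appended: $(verdict_appended)"
echo "inserted: $(verdict_inserted)"
```

On a live host the same check is `iptables -S INPUT | first_verdict 91.201.66.76 80`; if an ACCEPT rule wins, `iptables -I INPUT 1 -s 91.201.66.76 -j DROP` puts the block ahead of it.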