Hi all Our Drupal 7 site is under constant attack from the Chinese. In Rails there is an easy way to redirect pretty much anything off site or to other page/s not in the system and hide the url.
Also is there a better way of hiding the url of user login
I have tried to set up Rules in Drupal 7 to simply redirect [Page not found] responses back to the front page or better still out of the Drupal 7 system completely. I've had no success.
Can someone please direct me on how to set up such a Rule on our site.
Thanks in advance Roger
Am 06.06.13 08:51, schrieb Roger:
Hi all Our Drupal 7 site is under constant attack from the Chinese. In Rails there is an easy way to redirect pretty much anything off site or to other page/s not in the system and hide the url.
Also is there a better way of hiding the url of user login
I have tried to set up Rules in Drupal 7 to simply redirect [Page not found] responses back to the front page or better still out of the Drupal 7 system completely. I've had no success.
Can someone please direct me on how to set up such a Rule on our site.
I have similar problems with lots of spam hits, feeling like a DoS-attac.
My "solution" to date is IP-blocking in the .htacess.
Drupal is helpful with statistics for that, the reports page has an entry for the most active visitors (statistics enabled, of course) with the IP-numbers shown.
All entries with time sum near (or even higher than) the google-bot normally are spammers. The ip-nr looked up in the searche engine mostly gives enough information to justify ip-blocking.
The most effective way is the .htacess (manual work necessary, yes), if you cannot use .htacess, Drupal can block IPs too (from the report I mentioned above), but of course this consumes more server time.
Godd luck, Servus Franz
On Thu, Jun 6, 2013 at 4:03 AM, Franz Iberl wrote:
Am 06.06.13 08:51, schrieb Roger:
Hi all Our Drupal 7 site is under constant attack from the Chinese. In Rails there is an easy way to redirect pretty much anything off site or to other page/s not in the system and hide the url.
Also is there a better way of hiding the url of user login
I have tried to set up Rules in Drupal 7 to simply redirect [Page not found] responses back to the front page or better still out of the Drupal 7 system completely. I've had no success.
Can someone please direct me on how to set up such a Rule on our site.
I have similar problems with lots of spam hits, feeling like a DoS-attac.
My "solution" to date is IP-blocking in the .htacess.
You could use the ip blocking tool in Drupal itself instead of .htaccess.
Drupal is helpful with statistics for that, the reports page has an entry for the most active visitors (statistics enabled, of course) with the IP-numbers shown.
Yes, this I use too.
All entries with time sum near (or even higher than) the google-bot normally are spammers. The ip-nr looked up in the searche engine mostly gives enough information to justify ip-blocking.
Correct, several accesses within the same second is a good clue.
The most effective way is the .htacess (manual work necessary, yes), if you cannot use .htacess, Drupal can block IPs too (from the report I mentioned above), but of course this consumes more server time.
There is also the restrict_ip module[1] which does the opposite of what the cor ip blocking function does and you have to provide the list of allowed addresses, everyone else gets access denied.
[1] https://drupal.org/project/restrict_ip
I use the geo_ip module in apache to block china/russia/africa at the web server level. If you have access you may want to look into it.
On Thu, Jun 6, 2013 at 7:44 AM, Earnie Boyd earnie@users.sourceforge.netwrote:
On Thu, Jun 6, 2013 at 4:03 AM, Franz Iberl wrote:
Am 06.06.13 08:51, schrieb Roger:
Hi all Our Drupal 7 site is under constant attack from the Chinese. In Rails there is an easy way to redirect pretty much anything off site or to other page/s not in the system and hide the url.
Also is there a better way of hiding the url of user login
I have tried to set up Rules in Drupal 7 to simply redirect [Page not found] responses back to the front page or better still out of the Drupal 7 system completely. I've had no success.
Can someone please direct me on how to set up such a Rule on our site.
I have similar problems with lots of spam hits, feeling like a DoS-attac.
My "solution" to date is IP-blocking in the .htacess.
You could use the ip blocking tool in Drupal itself instead of .htaccess.
Drupal is helpful with statistics for that, the reports page has an
entry for the most active visitors (statistics enabled, of course) with the IP-numbers shown.
Yes, this I use too.
All entries with time sum near (or even higher than) the google-bot
normally are spammers. The ip-nr looked up in the searche engine mostly gives enough information to justify ip-blocking.
Correct, several accesses within the same second is a good clue.
The most effective way is the .htacess (manual work necessary, yes), if
you cannot use .htacess, Drupal can block IPs too (from the report I mentioned above), but of course this consumes more server time.
There is also the restrict_ip module[1] which does the opposite of what the cor ip blocking function does and you have to provide the list of allowed addresses, everyone else gets access denied.
[1] https://drupal.org/project/restrict_ip
-- Earnie
-- https://sites.google.com/site/earnieboyd
[ Drupal support list | http://lists.drupal.org/ ]
Am 06.06.13 14:40, schrieb Patrick Avella:
I use the geo_ip module in apache to block china/russia/africa at the web server level. If you have access you may want to look into it.
to block a whole geographical region is "too much" in my opinion, and I consider it unnecessary too. With blocking of the biggest "hits" only the rest does no longer hurt too much, and peaple from that region have still chance for access.
Yes, with this method you need no longer spend time about a big part of the "spectrum", but I do prefer to keep the web "international" in spite of the spam, even if I have to look after the blocking list from time to time.
Servus Franz
My website is attacked from other countries, too. I hate that. Whatever, I trid to solve the problem in the server side. Use iptables block IP directly. And I found some scripts to block IPs automatically( based on iptables ).
Additional, I have found an apache module named "mod_evasive". I use evasive to work with iptables rules, and it works.
On 06/06/13 19:44, Earnie Boyd wrote:
There is also the restrict_ip module[1] which does the opposite of what the cor ip blocking function does and you have to provide the list of allowed addresses, everyone else gets access denied.
https://drupal.org/project/issues/restrict_ip?categories=bug
Am 06.06.13 08:51, schrieb Roger:
Hi all Our Drupal 7 site is under constant attack from the Chinese. In Rails there is an easy way to redirect pretty much anything off site or to other page/s not in the system and hide the url.
Also is there a better way of hiding the url of user login
one more thing - I forgot in the first posting.
For login- and other forms-Spam the honeypot-module works quite well. It straightly blocks most spam-entries and gives the IP-Nr. of the spam site too to enter into the blocking-list.
This is also necessary (in my case) because the "classical" ;-) (anti-) spam-module of D6 is not yet published for D7. I prefer autonomous filtering in contrast to routing the traffic through external services like mollom (which work too, of course).
Servus Franz
On 06/06/13 14:51, Roger wrote:
Hi all Our Drupal 7 site is under constant attack from the Chinese. In Rails there is an easy way to redirect pretty much anything off site or to other page/s not in the system and hide the url.
Also is there a better way of hiding the url of user login
I have tried to set up Rules in Drupal 7 to simply redirect [Page not found] responses back to the front page or better still out of the Drupal 7 system completely. I've had no success.
Can someone please direct me on how to set up such a Rule on our site.
Thanks in advance Roger
In my case, I want to hide only the register page from undesirables.
I installed the ip2country module, enabled it, disabled it. It doesn't actually work properly, but I like its data.
Then I use a trivial custom module to use the ip2country data to discover whether the anonymous visitor is in Australia. If not, they're redirected to / with a short message.
I've not looked into it, but I expect it's equally simple to assign a role, "nice_user" to everyone you do like based on the country or IP address-range and authorise nice_user to the lowest level you allow to post comments or whatever, maybe including use of contact forms. Authorised users can view, nice_users can post.
I don't like the idea of banning single IP addresses, I'm more likely to ban /24 networks, supposing that makes it harder to get a new IP address, but making it relatively unlikely ban nice users.
-
Earnie Boyd -
Franz Iberl -
John Summerfield -
Patrick Avella -
Roger -
shenhd