Trigger IP ban based on request of given file?
Posted
by
Mike Atlas
on Pro Webmasters
See other posts from Pro Webmasters
or by Mike Atlas
Published on 2011-02-16T17:48:41Z
Indexed on
2011/02/16
23:35 UTC
Read the original article
Hit count: 300
I run a website where "x.php" was known to have vulnerabilities. The vulnerability has been fixed and I don't have "x.php" on my site anymore.
As such with major public vulnerabilities, it seems script kiddies around are running tools that hitting my site looking for "x.php" in the entire structure of the site - constantly, 24/7.
This is wasted bandwidth, traffic and load that I don't really need.
Is there a way to trigger a time-based (or permanent) ban to an IP address that tries to access "x.php" anywhere on my site?
Perhaps I need a custom 404 PHP page that captures the fact that the request was for "x.php" and then that triggers the ban? How can I do that?
Thanks!
EDIT:
I should add that part of hardening my site, I've started using ZBBlock:
This php security script is designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page with a description of what the problem was. If the attacker persists, then they will be served up a permanently reccurring 503 OVERLOAD message with a 24 hour timeout.
But ZBBlock doesn't do quite exactly what I want to do, it does help with other spam/script/hack blocking.
© Pro Webmasters or respective owner