Aug 25 2008

Most of our hosting servers run CentOS Linux but we have Windows servers too, and a problem common to both is the occasional high volume of traffic generated by non-organic growth.  I don't mean that someone's blog hits the front page of Digg, rather a malicious or DDoS attack against a website.  On shared hosting this will affect all sites on the server.  There are bandwidth control tools for both operating systems but they all come at a price to CPU or wallet or both.  I have tried all I could find and none of them have been effective.

Some datacenters offer solutions which usually require traffic to be filtered before it reaches your server.  This has obvious advantages but comes with one major drawback: you have lost control of your network and are relying on unknown parameters set up by your datacenter, and this can result in false positives which may include potential business for your customers.

Liquidweb is the only datacenter I have used to date that relies on a monitoring service to alert them of a problem plus a human to decide the appropriate reaction.  As they will notify you of changes made or any IPs blocked, you can recover the situation if they block access incorrectly.  This is as close to remaining in control as you can get and could be enough for your needs.

Another way is to utilise services built into the operating system.  In the attached autoban.zip file I have prepared bash and PHP files which, placed into a cron job, monitor connections by count and reject those who try to open too many.  You can also ban countries from accessing your website.  Parameters allow you to choose how long the ban should be for, and you can set levels so that should someone repeatedly try to attack the server their ban can be extended.  I find a 1 hour ban followed by a 3 hour, then 6 hour and then a 31 day ban completely eradicates Denial of Service attacks.

autoban

You will need root access to the server, see readme.txt for instructions.
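The count-and-escalate idea described above, as an added illustration in POSIX shell; this is not the code from autoban.zip. It assumes netstat -tn style input (constructed here), keeps per-IP strike counts in $STATE_DIR, and only prints the iptables command instead of running it.

```shell
# Added illustration of the autoban idea above (not the autoban.zip scripts):
# count established connections per client IP and give repeat offenders longer
# bans (1 h, 3 h, 6 h, then 31 days). Strikes are kept in $STATE_DIR; ban
# commands are only printed (dry run), so this is safe to run anywhere.
STATE_DIR="${STATE_DIR:-/tmp/autoban-demo}"
MAX_CONNS="${MAX_CONNS:-20}"   # connections one IP may hold before a ban
# Ban length in seconds for the Nth strike against the same IP.
ban_seconds() {
    case "$1" in
        1) echo 3600 ;;      # 1 hour
        2) echo 10800 ;;     # 3 hours
        3) echo 21600 ;;     # 6 hours
        *) echo 2678400 ;;   # 31 days for the 4th strike and beyond
    esac
}

# Read "netstat -tn" style lines on stdin; print "count ip" for IPs over the
# limit. Field 5 is the foreign address (IPv4 only here), e.g. 203.0.113.9:51234.
offenders() {
    awk -v max="$MAX_CONNS" '
        $1 == "tcp" && $6 == "ESTABLISHED" { split($5, a, ":"); n[a[1]]++ }
        END { for (ip in n) if (n[ip] > max) print n[ip], ip }'
}

# Record one more strike for an IP and print the new strike count.
add_strike() {
    mkdir -p "$STATE_DIR"
    f="$STATE_DIR/$1.strikes"
    c=$(( $(cat "$f" 2>/dev/null || echo 0) + 1 ))
    echo "$c" > "$f"
    echo "$c"
}

# Constructed sample: 203.0.113.9 holds 25 connections, 198.51.100.4 holds 2.
sample_netstat() {
    i=0
    while [ "$i" -lt 25 ]; do
        echo "tcp 0 0 10.0.0.5:80 203.0.113.9:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    echo "tcp 0 0 10.0.0.5:80 198.51.100.4:40001 ESTABLISHED"
    echo "tcp 0 0 10.0.0.5:80 198.51.100.4:40002 ESTABLISHED"
}

# Dry run: on a real host replace sample_netstat with "netstat -tn".
sample_netstat | offenders | while read -r count ip; do
    strike=$(add_strike "$ip")
    echo "ban $ip ($count conns, strike $strike) for $(ban_seconds "$strike")s:" \
         "iptables -I INPUT -s $ip -j DROP"
done
```

Expiring a ban after its interval (and resetting strikes after a quiet period) is left to the cron job that calls this, as in the autoban scripts.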

Jul 24 2008

On more than one occasion these characters  have turned up just when everything else seems fine.  Known as a “BOM” or Byte Order Mark they can be extremely annoying.

What is  ???

 is often seen at the top left corner of a web page.  When you open the source file and compare that to the output source you will not find , so what causes  to appear in your file?

The reason is that your editor has saved the file as UTF-8 with a BOM.  With the ever increasing complexity of character encoding some editors ignore your settings and update your configuration to use UTF-8, even if you have been using ASCII without any trouble since 1982!

The Fix

Change the character encoding of your page.  With most editors all you need to do is select properties and then choose ASCII then save the file.

Changing the meta tag alone is not enough: with extended attributes on files now, no one can be sure what a browser or whatever reader you are using will rely on to determine how to display it.

Fix Update – 2nd August 2011

Remarkable that two years on from this post many commercial editors still cause problems. A friend told me the BOM is not supposed to be used in web files saved as UTF-8. Ever. He sent me this link as his reference from W3 http://www.w3.org/International/questions/qa-byte-order-mark.

How to fix Microsoft Expression

Expression introduced the BOM in 2.00, and since 4.00 you can switch the BOM off, which has been the default for PHP files; to fix the rest go to Tools -> Page Editor Options -> Authoring and uncheck the rest.


Jul 07 2008

To remove stuff such as punctuation and spaces (or anything you want) from a text box before sending it to the server for validation you can use code like this, first the HTML:-

<input
name="name"
onblur="this.value = namecheck(this.value);"
type="text"
size="20">

And then the following JavaScript will remove invalid characters when the user moves to another field:-

<script type="text/javascript">
// Return only the characters of theInput that appear in "valid"
// (letters and digits, compared case-insensitively); everything else is dropped.
function namecheck(theInput) {
  var valid = 'abcdefghijklmnopqrstuvwxyz1234567890';
  var test = '';
  var ret = '';
  var i;
  for (i = 0; i < theInput.length; i++) {
    test = theInput.substr(i, 1);
    if (valid.indexOf(test.toLowerCase()) != -1) {
      ret = ret + test;
    }
  }
  return ret;
}
</script>

In this example I just want digits and letters. If you want to allow certain punctuation such as full stops and commas, just add them to the valid variable. This only tidies the input in the browser; the server must still validate what it actually receives, since a visitor can bypass the script.

Apr 24 2008

It wasn't long before I needed to expand upon banning a few IPs. I needed to be able to ban whole networks, so here's the Q&D solution:-

First create a text file called ipsec.txt and enter some IPs you wish to ban; to ban a network just leave off the trailing octets of the IP address, for example:-

10.20.30.40
10.50

In the above example the first is a specific IP that you wish to ban; the second will ban all IP addresses that start with 10.50 (for example 10.50.20.1 and 10.50.100.1 will both be banned). Enter as many as you like, one per line.

Now create or edit your global.asa file and add the following code to the session_onstart sub procedure:

sub session_onstart
  remote_ip = request.servervariables("Remote_Addr")
  ipsec     = server.mappath("/ipsec.txt")
  ips       = getFileContents(ipsec)
  ips       = split(ips, vbcrlf)

  remote_ip_parts = split(remote_ip, ".")

  for each ip in ips
    entry = trim(ip)
    if len(entry) > 0 then
      ip_parts = split(entry, ".")
      ' An entry with more octets than the visitor's address cannot match
      ' (comparing it would also raise a subscript error below).
      found = (ubound(ip_parts) <= ubound(remote_ip_parts))
      if found then
        ' Compare octet by octet; a short entry such as 10.50 acts as a prefix
        for x = 0 to ubound(ip_parts)
          if ip_parts(x) <> remote_ip_parts(x) then
            found = false
            exit for
          end if
        next
      end if
      if found then
        response.redirect "/redir.html?ip=" & remote_ip
      end if
    end if
  next
end sub

' Helper used above: returns the whole text file as one string
' (empty string if the file is missing or empty).
function getFileContents(path)
  dim fso, f
  set fso = server.createobject("Scripting.FileSystemObject")
  if fso.fileexists(path) then
    set f = fso.opentextfile(path, 1)   ' 1 = ForReading
    if not f.atendofstream then getFileContents = f.readall
    f.close
  end if
end function

Replace /redir.html with a file or location you want to redirect banned IPs to.

As this code runs in the session_onstart section of the global.asa it will be run only once for each visitor; this means that during the session they could return and this code would be bypassed. If that is a concern, modify the code to be a common function and place it strategically, perhaps in a common file included throughout the website.

Apr 22 2008

This demonstrates how to ban a single IP address. Later I'll show how to ban whole networks, but chances are you will be able to work that out for yourself after reading this anyway.

If global.asa does not exist then create it and add the following:

sub session_onstart
 
  ip = request.servervariables("Remote_Addr")
 
  select case ip
    case "111.111.111.111", "111.111.111.112", "111.111.111.123"
      response.redirect "http://www.example.com"
  end select
 
end sub

Replace 111.111.111.11x with the IP addresses you wish to ban; note they are comma separated and the last one is not followed by a comma.

You can change the redirection to a page on your site that informs them they are no longer allowed (a bit vindictive); a blank page is probably best, or you could even forward them on to a competitor :D