* Can iptables or other firewall solutions can do this for me?
@ 2007-02-12 15:16 howard chen
  2007-02-12 17:48 ` Rob Sterenborg
  2007-02-12 18:43 ` Jan Engelhardt
  0 siblings, 2 replies; 3+ messages in thread
From: howard chen @ 2007-02-12 15:16 UTC (permalink / raw)
  To: netfilter

Let me tell the background first...

We have a web server that recently received a lot of requests from
overseas proxies. The requests are to spam our applications (i.e. leave
comments). They don't succeed, since they never get the correct
captcha.

But the problem is: They are doing requests & requests forever (even
with no success). This leads to:

1. Waste of CPU time of our web server
2. Waste of overseas bandwidth


Can iptables or related tools or packages do this for me?

p.s. Since they are changing proxies all the time, we might need an
automatic solution,

e.g.

If a client requests the server too frequently in the past 15 minutes,
block the client for 1 hour, something like that



Thanks for any comments...



* RE: Can iptables or other firewall solutions can do this for me?
  2007-02-12 15:16 Can iptables or other firewall solutions can do this for me? howard chen
@ 2007-02-12 17:48 ` Rob Sterenborg
  2007-02-12 18:43 ` Jan Engelhardt
  1 sibling, 0 replies; 3+ messages in thread
From: Rob Sterenborg @ 2007-02-12 17:48 UTC (permalink / raw)
  To: netfilter

netfilter-bounces@lists.netfilter.org <> wrote:
> Let me tell the background first...
> 
> We have a web server that recently received a lot of requests from
> overseas proxies. The requests are to spam our applications (i.e. leave
> comments). They don't succeed, since they never get the correct
> captcha.
>
> But the problem is: They are doing requests & requests forever (even
> with no success). This leads to:
>
> 1. Waste of CPU time of our web server
> 2. Waste of overseas bandwidth
>
>
> Can iptables or related tools or packages do this for me?
>
> p.s. Since they are changing proxies all the time, we might need an
> automatic solution,

Not directly, but this would be a solution I would think of:

You could modify the comment-script so that it logs the IPs of the
hosts that attempt to leave a comment but fail to do so (if the script
doesn't do this already).
After that you can write a script that parses and clears the logfile
every x minutes to filter the largest offenders. You can enter these
offending IPs in a user-defined blocking chain which is called in the
INPUT chain (or FORWARD chain, depending on your setup) to block further
requests from these IPs.


Grts,
Rob
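
A sketch of the log-parsing step described in the reply above, added here as an example; it is not code from any poster in this thread. The log format, the chain name COMMENT_SPAM and the threshold are assumptions, and the sample log is constructed.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta

CHAIN = "COMMENT_SPAM"  # hypothetical user-defined chain name
# One-time setup (not run here): iptables -N COMMENT_SPAM
#                                iptables -A INPUT -p tcp --dport 80 -j COMMENT_SPAM

# Constructed sample log; the "timestamp ip event" format is an assumption.
SAMPLE_LOG = """\
2007-02-12T15:01:07 203.0.113.5 captcha_fail
2007-02-12T15:01:09 203.0.113.5 captcha_fail
2007-02-12T15:02:30 198.51.100.7 captcha_fail
2007-02-12T15:03:11 203.0.113.5 captcha_fail
2007-02-12T14:40:00 198.51.100.7 captcha_fail
2007-02-12T15:04:00 203.0.113.5;reboot captcha_fail
2007-02-12T15:05:00 192.0.2.9 comment_ok
garbage line
"""

def offenders(log_text, now, window=timedelta(minutes=15), threshold=3):
    """Return sorted IPs with >= threshold failed attempts inside the window."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "captcha_fail":
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
            # Log fields are client-influenced: accept only a literal IPv4 address.
            ip = ipaddress.IPv4Address(parts[1])
        except ValueError:
            continue
        if timedelta(0) <= now - when <= window:
            counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def chain_commands(ips, chain=CHAIN):
    """Build argv lists that rebuild the chain: flush, then one DROP per IP."""
    cmds = [["iptables", "-F", chain]]
    cmds += [["iptables", "-A", chain, "-s", ip, "-j", "DROP"] for ip in ips]
    return cmds

if __name__ == "__main__":
    now = datetime(2007, 2, 12, 15, 10, 0)
    for argv in chain_commands(offenders(SAMPLE_LOG, now)):
        print(" ".join(argv))  # run each argv via subprocess.run(argv) as root to apply
```

Building argv lists instead of a shell string, together with the address check, keeps a malformed log field from ever reaching a shell.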




* Re: Can iptables or other firewall solutions can do this for me?
  2007-02-12 15:16 Can iptables or other firewall solutions can do this for me? howard chen
  2007-02-12 17:48 ` Rob Sterenborg
@ 2007-02-12 18:43 ` Jan Engelhardt
  1 sibling, 0 replies; 3+ messages in thread
From: Jan Engelhardt @ 2007-02-12 18:43 UTC (permalink / raw)
  To: howard chen; +Cc: netfilter


On Feb 12 2007 23:16, howard chen wrote:
>
> We have a web server that recently received a lot of requests from
> overseas proxies. The requests are to spam our applications (i.e. leave
> comments). They don't succeed, since they never get the correct
> captcha.
>
> But the problem is: They are doing requests & requests forever (even
> with no success). This leads to:
>
> 1. Waste of CPU time of our web server
> 2. Waste of overseas bandwidth
>
> Can iptables or related tools or packages do this for me?
>
> p.s. Since they are changing proxies all the time, we might need an
> automatic solution,

Block their proxies using TARPIT.



Jan
-- 
ft: http://freshmeat.net/p/chaostables/

