Thursday, February 12, 2009

Hackers Beware! Deny Them Access

Recently a server I work on was hit by a bunch of chump kids from a couple of Internet cafes in Morocco, foisting their shilliness on some sites and deleting most of the others. I caught them in the early part of their mayhem and cut their tools off, but the damage was done.

How to keep them off?

At first we found them operating in a couple of cafes in Morocco and barred the IP ranges for their host. Then the clients all asked if they could get the whole country and sure enough we found this masterpiece. "Block a Country!" What a great idea! The site gets hack attacks but it is

http://www.blockacountry.com/

It seems to keep up to date and you can ban whomever you want. Just pick them if they pick you!

We had another client who was being pounded by China, all searching for foot fetish porn. He had a search script as a feature of his site to find any video on YouTube. Unfortunately, the YouTube command for keeping adult material off the site did not work, and it became known quickly as a way to bypass YouTube filters set for countries. Oh man, this poor guy was hit! So much traffic and all very useless. They are not there for his real content, or to contribute or to click on an advert, they just want to suck the porn. So, we found this tool worked fine to zero them out.

Now, here is a bit of a gift, the top part of one of our clients' .htaccess. Each entry is for something special we will cover in the next article. Your project is to see if you can figure out who they are and if they are sucking your bandwidth.

#attributor
deny from 64.41.145.177

#soso search
deny from 124.115.0.0/24

#Lightspeed
deny from 69.84.207.39

# Dutch gamers
deny from 84.244.189.99

#Bastards at Go daddy
deny from 68.178.211.195
# BEWARE THESE GUYS ARE DOING STUFF NOW!
deny from 72.167.232.0/24

#turkey dicks
deny from 212.156.63.30

#Moroc Hackers
deny from 41.205.192.0/19
deny from 41.248.0.0/14
deny from 62.251.128.0/17
deny from 81.192.0.0/16
deny from 194.204.192.0/19
deny from 194.204.224.0/19
deny from 196.2.80.0/20
deny from 196.12.192.0/18
deny from 196.200.128.0/18
deny from 196.206.0.0/16
deny from 196.217.0.0/16
deny from 212.217.0.0/17
deny from 194.6.224.0/24
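
The following Python is an added example, not part of the original post: it reads a deny list like the one above, flags words on a `deny from` line that are not an IP or CIDR range, totals the bytes an access log shows going to each labelled range, and merges adjacent ranges. The labels are shortened and the log lines are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Excerpt of the post's deny list (labels shortened), incl. a line with trailing words.
HTACCESS = """\
#soso search
deny from 124.115.0.0/24
#hosting range
deny from 72.167.232.0/24 BEWARE THESE GUYS
#Morocco ranges
deny from 194.204.192.0/19
deny from 194.204.224.0/19
"""
# Constructed access-log lines in Apache common log format (not real traffic).
LOG = """\
124.115.0.17 - - [12/Feb/2009:10:00:01 +0000] "GET /search?q=a HTTP/1.1" 200 52000
194.204.230.9 - - [12/Feb/2009:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 8000
194.204.200.1 - - [12/Feb/2009:10:00:03 +0000] "GET /a.jpg HTTP/1.1" 200 30000
198.51.100.7 - - [12/Feb/2009:10:00:04 +0000] "GET / HTTP/1.1" 200 1200
"""

def parse_deny_rules(text):
    """Return ([(label, network)], [tokens that are not an IP or CIDR])."""
    rules, bad, label = [], [], "unlabelled"
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            label = line.lstrip("#").strip()
        elif line.lower().startswith("deny from"):
            for token in line.split()[2:]:
                try:
                    rules.append((label, ipaddress.ip_network(token, strict=False)))
                except ValueError:
                    bad.append(token)  # Apache reads extra words as more hosts to match
    return rules, bad

def bytes_by_label(rules, log_text):
    """Sum response bytes per rule label for requests that a rule covers."""
    totals = Counter()
    for m in re.finditer(r'^(\S+) .*" \d{3} (\d+)$', log_text, re.M):
        ip = ipaddress.ip_address(m.group(1))
        label = next((name for name, net in rules if ip in net), None)
        if label is not None:
            totals[label] += int(m.group(2))
    return totals

def collapsed(rules):
    """Merge adjacent or overlapping ranges into the fewest CIDR blocks."""
    return [str(n) for n in ipaddress.collapse_addresses(net for _, net in rules)]
```

Run against a log from before the rules went in, the totals show which ranges were actually costing bandwidth; a label with a zero total is a rule worth re-checking.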

You can capture your victims with your .htaccess, add more countries with this fabulous tool, and a 403.shtml will send them somewhere fun.

Good luck out there! Get back to us with any tips on bandwidth hogs or hack attacks!
