Mailing List Archive

Support open source code!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

tlug: Apache "Surprise Feed"

>>>>> "Shawn" == Shawn Gray <shawn@example.com> writes:

    Shawn> Today, I found a site where someone has stuck my BBS into
    Shawn> the bottom frame on his page, making it appear as if it is
    Shawn> part of his site.

I've noticed a lot of this kind of stuff recently.

Actually, this may be more than credit stealing.  He may be counting
hits to your site as hits to his, and reporting them to his
advertisers.  (This just requires a simple rewrite of all the URLs,
easy with a Perl script.)  Check to see if you are getting a lot of
repeated hits from his site.

OTOH, if he's not borrowing your hits, you could just make sure your
site is boldly advertised every few lines in the BBS ;-)  And mention
his little felony.  "I'm glad to see that butt.head.or.jp likes my
site so much that he uses it as if it were his own!

    Shawn> I could probably figure out how to block access from his
    Shawn> site to prevent my page from being served to him,

Since it's a BBS page, presumably it's a CGI or other script anyway.
Scripts have direct access to all the information (originating host,
full URL, cookies, user agent, etc).  So you could just test for it in
the script.  But this doesn't protect any ordinary HTML pages.

Apache can do access blocking natively (have you RFTM'd today?)  But a
quick alternative hack, if you own the Linux box running the
webserver, would involve an Apache running on a different port and
IPchains (OR whatever will replace them in 2.4).  I like this because
it means the beavis never gets near your real home pages, ever, and
you don't have to make potentially buggy changes in your real
configuration.

Of course, if he's running as an ordinary user on a big ISP, I don't
know how you'd get an ID for him, either with IP chains or native
Apache config.  The problem is you probably don't want to block other
users on that system.  The only thing I can think of would be some
kind of cookie-based scheme to get hold of the real originator, and
that is kinda offensive.

With ipchains, blocking access is easy:

# REJECT tells him he's been blocked, maybe he'll give up quicker
# DENY may make him think his network is fsck'ing, and it'll come back
# later.
# The /24 gets all his neighbors, too :-P
# Remove the `--destination www.greycastle.com http' to block ALL access.
ipchains -A input --source butt.head.or.jp/24 \
                  --destination www.greycastle.com http -j REJECT

Redirection isn't much harder:

ipchains -A input --source butt.head.or.jp/24 \
                  --destination www.greycastle.com http -j REDIRECT 666

Now you set up your second Apache server on port 666, and his ass is
harassed.  You might even want to `nice 19' that httpd ... or just add
a 10 sec delay to the BBS script ;-)

いいじゃないか
いいじゃないか

It is obviously "bad attitude Thursday" in Tsukuba....

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
-----------------------------------------------------------------------
Next Meeting (w/ YLUG): June 16 (Fri) 19:00 Mizonoguchi Marui Family 12F
Next Technical Meeting: July 8 (Sat)  13:30 Topic: TBA
-----------------------------------------------------------------------
more info: http://www.tlug.gr.jp        Sponsor: Global Online Japan
Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links