CarolW
06-05-2005, 12:29 PM
Dear All,
More questions from me. I managed to get weblogs finally, a couple of months ago. I look at them every day. I'm so naive that I thought people were making manual entries in my two guestbooks - they were trash entries, but looked mostly like harmless pranks, though one was loaded with a long list of URLs. Then I learned about spambots. Oh. Duh!).
My web logs are showing obvious porn sites in the referers list. I don't know how the listing works nor what it means. What *does* it mean if there's a porn site URL in the referers list in my web logs?
I did a WHOIS on a few of the sites, and got nothing, so I tried DIG, which my host provides; that gave me some IP numbers. When I put those back in WHOIS, I got at least a little information. I put the information in a text file; the information included IP numbers.
I thought what I'll do is, put those IP numbers in my htaccess file, denying access to my site. Is that a sensible thing to do, and will it keep such machines from making entries on my guestbooks and public visitor comments areas?
Here's how my web host, islandnet.com, provides this. They made something called "UseRealIP," which attempts to discern the visitor's actual IP if it's a proxy server being used. So, if I put
UseRealIP on
into my .htaccess file, supposedly I get the caller's real IP number (when it's available or can be resolved, whatever that means).
I quote from the docs on Islandnet:
"Whenever you refer to the visitor's IP address, perhaps in an IP <Limit> block, or inside a script by using the REMOTE_ADDR environment variable, you often don't get the visitor's real IP address. If they are accessing your site through a proxy server then the IP you actually see on this side is the proxy's, not the user's"
[snip]
"This will affect all web pages and scripts that rely on the REMOTE_ADDR environment variable, and it also affects your web logs. It also adds a new environment variable called PROXY_ADDR which contains the IP address that was replaced."
Because I put "UseRealIP on" in my .htaccess file a few days ago, I assume my web logs are showing reasonably accurate IP numbers.
You can find more information at:
http://helpdesk.islandnet.com/help/htaccess.php
and more specifically, at
http://helpdesk.islandnet.com/help/htaccess.php#realip
I've had trouble with .htaccess on my host; I even shut myself out of my own site, twice - when I followed instructions in the docs as best I knew how, but tech support, and even the owners, helped me out, even actually editing my file for me! So now it's in working order.
Here's what the start of my current .htaccess file looks like, except that I changed the IP numbers, and cut out two "deny" listings. "GeoIP" is explained in the docs immediately after the section on "Unmasking Proxy Users."
The following is at the very top of my .htaccess file.
<Limit GET POST>
order allow,deny
deny from 123.456.789.012
allow from all
</Limit>
UseRealIP on
GeoIP on
RewriteEngine on ....
I plan to add to my .htaccess file additional "deny from" lines for the two porn-site IP numbers I got through DIG and then WHOIS. If I do that, and resolving the IP number didn't produce results, am I risking shutting down innocent visitors who use the same proxy server?
Would porn sites and other sites conceivably be using the same proxy server? I'd guess that might be likely. Or am I off somewhere on a wild goosechase here?
I note also that an individual's IP number tends to be dynamic, but maybe a web site - or what I see in the porn referer listings in my logs - would have static IP numbers?
So, for example, if a referer in my weblogs shows:
"www.flickyou.com/nasty/nastystuff.htm"
(that's an invention, in case you didn't guess, haha)
and I get an IP number via DIG and then WHOIS, I could safely put the IP number into my .htaccess file without shutting out large numbers of possible legitimate visitors?
Thanks in advance for any help!
Sun, 05 Jun 2005 09:18:33
More questions from me. I managed to get weblogs finally, a couple of months ago. I look at them every day. I'm so naive that I thought people were making manual entries in my two guestbooks - they were trash entries, but looked mostly like harmless pranks, though one was loaded with a long list of URLs. Then I learned about spambots. Oh. Duh!).
My web logs are showing obvious porn sites in the referers list. I don't know how the listing works nor what it means. What *does* it mean if there's a porn site URL in the referers list in my web logs?
I did a WHOIS on a few of the sites, and got nothing, so I tried DIG, which my host provides; that gave me some IP numbers. When I put those back in WHOIS, I got at least a little information. I put the information in a text file; the information included IP numbers.
I thought what I'll do is, put those IP numbers in my htaccess file, denying access to my site. Is that a sensible thing to do, and will it keep such machines from making entries on my guestbooks and public visitor comments areas?
Here's how my web host, islandnet.com, provides this. They made something called "UseRealIP," which attempts to discern the visitor's actual IP if it's a proxy server being used. So, if I put
UseRealIP on
into my .htaccess file, supposedly I get the caller's real IP number (when it's available or can be resolved, whatever that means).
I quote from the docs on Islandnet:
"Whenever you refer to the visitor's IP address, perhaps in an IP <Limit> block, or inside a script by using the REMOTE_ADDR environment variable, you often don't get the visitor's real IP address. If they are accessing your site through a proxy server then the IP you actually see on this side is the proxy's, not the user's"
[snip]
"This will affect all web pages and scripts that rely on the REMOTE_ADDR environment variable, and it also affects your web logs. It also adds a new environment variable called PROXY_ADDR which contains the IP address that was replaced."
Because I put "UseRealIP on" in my .htaccess file a few days ago, I assume my web logs are showing reasonably accurate IP numbers.
You can find more information at:
http://helpdesk.islandnet.com/help/htaccess.php
and more specifically, at
http://helpdesk.islandnet.com/help/htaccess.php#realip
I've had trouble with .htaccess on my host; I even shut myself out of my own site, twice - when I followed instructions in the docs as best I knew how, but tech support, and even the owners, helped me out, even actually editing my file for me! So now it's in working order.
Here's what the start of my current .htaccess file looks like, except that I changed the IP numbers, and cut out two "deny" listings. "GeoIP" is explained in the docs immediately after the section on "Unmasking Proxy Users."
The following is at the very top of my .htaccess file.
<Limit GET POST>
order allow,deny
deny from 123.456.789.012
allow from all
</Limit>
UseRealIP on
GeoIP on
RewriteEngine on ....
I plan to add to my .htaccess file additional "deny from" lines for the two porn-site IP numbers I got through DIG and then WHOIS. If I do that, and resolving the IP number didn't produce results, am I risking shutting down innocent visitors who use the same proxy server?
Would porn sites and other sites conceivably be using the same proxy server? I'd guess that might be likely. Or am I off somewhere on a wild goosechase here?
I note also that an individual's IP number tends to be dynamic, but maybe a web site - or what I see in the porn referer listings in my logs - would have static IP numbers?
So, for example, if a referer in my weblogs shows:
"www.flickyou.com/nasty/nastystuff.htm"
(that's an invention, in case you didn't guess, haha)
and I get an IP number via DIG and then WHOIS, I could safely put the IP number into my .htaccess file without shutting out large numbers of possible legitimate visitors?
Thanks in advance for any help!
Sun, 05 Jun 2005 09:18:33