Hello,
One of our customers' websites is a victim of the Pushdo virus.
This virus generates a few hundred domains and makes random calls to these domains to hide its real traffic.
In 20 days our customer's website index page was viewed 25 million times by this botnet.
So far the user agent hasn't changed, so we are blocking the user agent. The requests are also sent by POST, so we will block POST and only allow GET calls if the user agent changes.
It's not possible to set up a firewall for these calls as there are too many IPs to block.
To limit the problem I'm currently defending the site with the following in its .htaccess file:
Code:
# Send a 3-byte body ("403") instead of the default HTML error page
ErrorDocument 403 "403"
RewriteEngine on
# Forbid any request whose User-Agent starts with "Mozilla/4"
RewriteCond %{HTTP_USER_AGENT} ^Mozilla\/4(.*)$
RewriteRule .* - [F]
The first line means the server responds only "403" (3 bytes) and not a full HTML page.
Is there a way to go a step further and not respond at all?
In other words, black hole / ignore the requests in order to save the 3 bytes of bandwidth used by each request.
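An added example, not part of the original post: a log check that applies the post's `^Mozilla\/4` pattern and the planned POST block to Apache combined-format access-log lines, counting what each rule rejects and how many of those hits look like collateral (a GET with a Mozilla/4 agent, or a POST from another agent). The log lines, addresses, timestamps and user-agent strings are constructed samples, and `parse` and `evaluate` are hypothetical helper names.

```python
import re
from collections import Counter

# Apache "combined" log line: ip, identity, user, [time], "request", status, bytes, "referer", "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
UA_RULE = re.compile(r'^Mozilla\/4(.*)$')  # same pattern as the RewriteCond in the post

# Constructed sample lines (documentation IP ranges, invented timestamps and user agents).
SAMPLE_LOG = '''\
198.51.100.7 - - [01/Jan/2013:10:00:01 +0000] "POST / HTTP/1.1" 403 3 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.21 - - [01/Jan/2013:10:00:01 +0000] "POST / HTTP/1.1" 403 3 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.44 - - [01/Jan/2013:10:00:02 +0000] "POST / HTTP/1.1" 403 3 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.90 - - [01/Jan/2013:10:00:03 +0000] "GET /index.html HTTP/1.1" 403 3 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
192.0.2.91 - - [01/Jan/2013:10:00:04 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.92 - - [01/Jan/2013:10:00:05 +0000] "POST /contact.php HTTP/1.1" 200 812 "-" "Mozilla/5.0 (X11; Linux x86_64)"
not a log line
'''

def parse(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def evaluate(lines):
    """Count what the UA rule and the planned POST block would each reject."""
    stats = Counter()
    sources = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            stats["unparsed"] += 1
            continue
        ua_hit = UA_RULE.match(rec["ua"]) is not None
        post_hit = rec["method"] == "POST"
        stats["ua_rule"] += ua_hit
        stats["post_rule"] += post_hit
        # Collateral candidates: a GET with a Mozilla/4 agent, or a POST with another agent.
        stats["ua_rule_get"] += ua_hit and not post_hit
        stats["post_rule_other_ua"] += post_hit and not ua_hit
        if ua_hit or post_hit:
            sources.add(rec["ip"])
    stats["distinct_sources"] = len(sources)
    return dict(stats)

if __name__ == "__main__":
    for key, value in sorted(evaluate(SAMPLE_LOG.splitlines()).items()):
        print(f"{key}: {value}")
```

Run against the real access log before switching from the user-agent rule to the POST block: the two collateral counters show which legitimate requests each rule would turn away.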