An Example of Bad Referrer Traffic and How to Block it Using ModRewrite and IPTables

Getting these on one of my web servers on an almost daily basis:

114.232.243.86 - - [01/Sep/2014:09:51:34 -0400] "GET http://hotel.qunar.com/render/hoteldiv.jsp?&__jscallback=XQScript_4 HTTP/1.1" 404 15 "http://hotel.qunar.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36"

The traffic comes from all sorts of different IPs that are owned by China Telecom: 114.232.243.86, 114.231.42.219, 222.209.137.232, 222.209.152.192, 118.113.227.95.

The host I am seeing this on does not need to speak to anyone or anything in China, so I used IPTables to filter the entire netblocks I see hits from. Here is an example of a filtering rule along with a little note for myself. Notice that this rule assumes two nonstandard chains - BLACKLIST and LOGDROP - that I use to organize my ruleset.

-A BLACKLIST -s 114.224.0.0/12 -m comment --comment "Chinanet Hotel Qunar Referrer" -j LOGDROP

Beca
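An added example, not code from the original post: it scans combined-format access log lines for the pattern shown above (a request line carrying an absolute URI for a host the server does not serve) and emits rules in the post's `-A BLACKLIST ... -j LOGDROP` form. The function names, the `own_hosts` parameter, the comment text and the fixed /12 grouping are assumptions; real netblock boundaries should be taken from the address allocation records before a rule is loaded. The sample lines are constructed from the IPs listed in the post.

```python
import ipaddress
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD target proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)

# Constructed sample input: the post's IPs plus one ordinary request (192.0.2.10 is a documentation address).
SAMPLE = [
    f'{ip} - - [01/Sep/2014:09:51:34 -0400] "GET http://hotel.qunar.com/render/hoteldiv.jsp '
    f'HTTP/1.1" 404 15 "http://hotel.qunar.com/" "Mozilla/5.0"'
    for ip in ("114.232.243.86", "114.231.42.219", "222.209.137.232",
               "222.209.152.192", "118.113.227.95")
] + ['192.0.2.10 - - [01/Sep/2014:09:52:00 -0400] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"']


def proxy_style_hits(lines, own_hosts):
    """Yield (ip, host) for requests whose target is an absolute URI naming a foreign host."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        target = m.group("target")
        if not target.lower().startswith(("http://", "https://")):
            continue  # ordinary origin-form request such as "GET /index.html"
        host = target.split("/", 3)[2].split(":")[0].lower()
        if host not in own_hosts:
            yield m.group("ip"), host


def blacklist_rules(lines, own_hosts, prefix=12, min_hits=1):
    """Group offending IPv4 sources into /prefix networks and render one rule per network."""
    counts = Counter()
    for ip, _host in proxy_style_hits(lines, own_hosts):
        try:
            net = ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)
        except ValueError:
            continue  # IPv6 or malformed client field; handle separately
        counts[net] += 1
    return [
        f'-A BLACKLIST -s {net} -m comment --comment "proxy-style request, {n} hits" -j LOGDROP'
        for net, n in sorted(counts.items()) if n >= min_hits
    ]


if __name__ == "__main__":
    print("\n".join(blacklist_rules(SAMPLE, own_hosts={"www.example.org"})))
```

Raising `min_hits` keeps a single stray request from blocking a whole /12, which matters on hosts that do have legitimate visitors in those ranges.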