Hey,

Evey week i go through my server logs and i get a bunch of chinese surfers, when i examine their click trails they are ALL trying to find a hole to do SQL and brute force attacks and kill my site.

We ban their IP's and next week we have a few more.

I have never ever sold 1 thing to China, can I / should I ban all of China from my site???

leslie

They will just get around those with proxies, you might consider a temp blanket ban of a range of ips but there will always be some numpty trying to test your site and patience (<- get a quick Chinese patience pun in ;) )
Probably best to get your site tested so it is immune from such attacks, if it goes to the level of making your site crawl then you could look to your hosting company and authorities etc...

I often test sites for those kinds of things, part of the job sort of thing but to regularly do it no.

if its an automated script looking for holes there are ways of stopping it, ie on my site i have a 1 pixel gif that links to a php file that automatically bans the ip.

With a robots.txt file that stops any good bots from touching the file. i can post the contents of the file if needed, you would be amazed at how many times i have apparently banned google from visiting my site.

Hi David,

So if I understand this correctly the robots.txt file asks visiting robots not to visit certain pages, the nice robots comply but the nasty robots ignore the request and visit the off limits pages. That is where you hide this gif that sts of the php file?

How to I do this for my site? I am about to launch and am very worried about security.

Thanks
Lark

it works well, i just got banned, do good search engines follow the do not follow bit

the gif sits on my home page and just links to the honey pot page,

My robots.txt file simply has a Disallow for the page, however its also worth adding lots of non existent admin type pages to the robots page as many bots will directly look at the robots.txt searching for keywords like admin.

the gif is only 1 pixel large, and using css could evan sit off the page, however not sure what SEO implications this would have.

i can send over the php if you want it, just tryed to find the original site but cant seem to find it.

it works well, i just got banned, do good search engines follow the do not follow bit

they should do, if not then tbh i am not interested in them spidering my site.

yes please

is is too cheeky to also ask to see a sample of your robots file too?

Thanks
Lark

pm over your email and i will send the php file, robots, and the htaccess.

Are they simply spammers/numpties are are they actually trying to attack your site?

they keep trying to break pages and trying to find holes to do SQL injection attacks