Stop Hackers and Spam Bots in IIS
Posted on Mar 1, 2008 by Paul White
When you start out running a website on a shared hosting
account, you live in a fantasy world that hackers aren't bothering your site, and you have nothing to worry about. This is due to the fact that you don't have access to the event logs that show what really goes on behind the scenes. Once you start hosting
sites on a VPS
Server you are bound to find a large number of errors in your event viewer. You start to realize what really goes on. Over the past year even smaller sites are under attack by hackers and spam bots. There is a misconception that when your site is under attack it will crash the server, or affect its performance. This can happen but good hackers traditionally want to get in, get data, and get out without you even knowing they were there.
What is their motivation?
Some of them its just the challenge, some of them want usernames, or passwords, others want emails for spamming. But the fastest growing reason is SEO
. If your website is listed at the top of google for certain keywords and terms this equals traffic, and traffic equals money. The most powerful way to get your site to the top of the search engines is with backlinks from other sites. Good Webmasters try to exchange links with other sites, and participate on blogs, and forums to create backlinks to their sites. Depending on what keywords you are going after on google will influence how many backlinks you need to get ranked higher. There is a growing number of SEOs that don't want to build links the traditional way. They use automated Bots or spiders that surf the web looking for submit forms and try to submit links on these forms to automatically create backlinks. If your website or blog doesn't have any validation code, to make sure its a real person this can be a real problem. Older sites with guestbooks are some of the most attacked. What is the Problem?
So you might be thinking, I am not worried I use good coding techniques, to prevent these bots from spamming comments on my sites. That is good but some of these bots will attempt to crawl your site very quickly. Sometimes performing 50 requests / second to crawl your entire site. This causes your entire site to slow down, and possibly crash. Even if they don't get their spam comments posted, they are still consuming bandwidth and resources. Plus each failed attempt usually results in some kind of error being added to your error log. If you are the type of webmaster that has these errors emailed to you this can get really annoying.What is the solution?
There are two ways you can deal with them.
1. Attempt to catch them when they are crawling your site. One way is to determine how fast they are making request. Store your traffic in a SQL database and then check to see how many requests an IP has made in the last 5 or 10 seconds. If they are surfing too fast, Add their IP to a blacklist that you can admin from SQL. Then use the Application_BeginRequest function in your global.asax to check your blacklist before letting them into your site. If they are legit, let them in, if not kick them off to another site.
2. Instead of using SQL to run a black list, use IIS to deny certain IPs access to your site. This is much less costly in resources and bandwidth than to use SQL to manage these situations. Now the problem is adding each IP to IIS is tedious, plus figuring out what IPs are bad is not easy either. The good stuff
Stop Forum Spam
Here you can download a complete IP list of known spambots and hackers.
They also have an API that you can query to check IPs to see if they are on the list.Blocking IIS IP Addresses with ASP.NET
Here you can doanload a script written by Rick Stralh.
This will give you the ability to upload your Bad IPs in bulk.
No Comments have been submitted