rejetto forum

Dealing with requests for files that don't exist from bots or malicious entities

0 Members and 1 Guest are viewing this topic.

Offline Bugger

  • Occasional poster
  • *
    • Posts: 4
    • View Profile
Is there an easy way to deny or ban requests that aren't for a certain file, or group of files? I'm having bots or something request for root and trying different login names (user@ip) for a public server I use to host downloadable content for a game server. What I would like to do is automatically ban any ip that doesn't 'GET /myfile.xyz', or maybe any file that is in a folder like 'GET /myfolder/myfile.xyz' so multiple files can be hosted.

I was thinking maybe I can add a line to hfs.events to deal with this, but I didn't see anything related to banning in the wiki, so I don't really know how to go about it.

Please note: this server will never be used for anything other than public file hosting of 1-3 files, so preserving any functionality of user accounts or anything else along those lines is not necessary

Thanks for any input!
« Last Edit: February 26, 2020, 10:55:10 AM by Bugger »


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 900
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
https://en.m.wikipedia.org/wiki/Robots_exclusion_standard

https://www.robotstxt.org/robotstxt.html#:~:text=

By adding a robot.txt file, as it seems you are have scripts scan your server.

I would recommend making and adding a custom robot
.txt file with disallow option...
Files i try to keep and share can be found on my google drive:

https://drive.google.com/drive/folders/1FOWi3Gqaldld6JLXvZ-biDv4RSguf0IC


Offline Bugger

  • Occasional poster
  • *
    • Posts: 4
    • View Profile
I really need something more along the lines of banning any address that doesn't request a hosted file as I have been having several bad apples trying exploitation methods as well, and I don't want anything in a list somewhere. There only should be game clients requesting specific files, so is there a simple line I can add to events that will accomplish this?
« Last Edit: February 26, 2020, 05:23:15 PM by Bugger »


Offline danny

  • Occasional poster
  • *
    • Posts: 98
    • View Profile
I really need something more along the lines of banning any address that doesn't request a hosted file as I have been having several bad apples trying exploitation methods as well, and I don't want anything in a list somewhere. There only should be game clients requesting specific files, so is there a simple line I can add to events that will accomplish this?
A template (or diff-template) could do a default disconnect on error, to imitate a firewall:
[error-page]
{.disconnect.}

However, it would be better to use a filtered approach (help users but disconnect miscreants), such as in https://rejetto.com/forum/index.php?topic=12055.msg1065326#msg1065326  See the error-handler pages, to give you some ideas on how to arrange your filters. 


Offline dj

  • Tireless poster
  • ****
    • Posts: 197
  • 👣 🐾
    • View Profile
    • PWAs

welcome,

Code: [Select]
not found
{.set ini|{.no pipe|ban-list={.from table|#ini|ban-list.}%ip%#are you trying to break me? {.time.}|.}.}


Offline Bugger

  • Occasional poster
  • *
    • Posts: 4
    • View Profile
Pretty much exactly what I had in mind, thanks!

Edit: For anyone who is trying to do the same thing, this line from @dj in combination with thishttp://rejetto.com/forum/index.php?topic=11738.0, solved my problem completely for the time being. Since my particular use case has a unique user-agent, this seemed the best route to take. I know how and that it can be spoofed, but mainly this was an effort to save bandwidth and keep the logs clear. All my files are public anyway, and I just didn't want my logs filling up with spam for no good reason because some jackass wanted to find out if I had any secured accounts set up.

a couple of things to note:

You MUST set the root directory to a real folder

Try to put everything in root/properties/Diff template, and event scripts (alt+f6)
(If you don't know any better in the first place, thankfully I avoided some work by reading a little)

Cheers! 8)
« Last Edit: February 28, 2020, 03:32:53 AM by Bugger »