Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

How I stopped thousands of spam hits on my Alpha server

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How I stopped thousands of spam hits on my Alpha server

    alphatogo.com and iadn.com have been out there for a while and so my server gets thousands of hits daily from bad bots, hackers and spiders from search engines I don't want. I have a properly configured robots.txt that does a partial job keeping out the bots that obey those settings, but many of them do not obey those settings. Alpha Anywhere has a feature to block by IP address but that is of minimal use against this overwhelming tide.

    So I finally installed a "IP Blocker Firewall" on my server. The firewall allows me to block all known bad IP's from industry maintained blacklists, and/or by whole country. The "known bad IP" lists are automatically refreshed on a schedule (because the lists change daily). Right now I am blocking by blacklist, several whole countries and a few additional IP ranges based on my observation.

    Blocked hits never get to the Alpha web server and so consume NO Alpha web server resources.

    This still leaves my server open to all of search engines I want, and most of those who I expect to be valid customers. Because the blocking is fairly aggressive right now, I am sure this will occasionally block a legitimate hit -- so the Blocker is keeping a list of all IPs that hit the server (both allowed and blocked) so in a month or so I can change my tactic and try to block just the rogue IP ranges that are actually hitting my server rather than by whole country.

    Doing this has reduced the hits on my server by those thousands per day.

    Note, here are my robots.txt and sitemap.xml files. You should always have these files in your website root for basic SEO. My sitemap.xml is auto-generated every month from a scheduled xbasic script.
    Attached Files
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  • #2
    Re: How I stopped thousands of spam hits on my Alpha server

    very interesting
    Frank

    Tell me and I'll forget; show me and I may remember; involve me and I'll understand

    Comment


    • #3
      Re: How I stopped thousands of spam hits on my Alpha server

      Steve,

      This is very helpful info. Do you know how the IP Blocker handles having multiple IP's (alpha instances) on the same physical server?

      Comment


      • #4
        Re: How I stopped thousands of spam hits on my Alpha server

        Jay, the whole process takes place in front of the web server, so it has no knowledge of instances or Alpha. It deals with hits to the Microsoft server across ALL ports, not just port 80/443.

        EDIT: That means it takes in to account ALL of the IP's hitting your server regardless of what Instance they go to. If you look at the image in my first post you see the several IPs it is hitting on my server. All of my IPs start with 50.23., so I don't recognize a couple of them, which is a bit confusing still.
        Last edited by Steve Wood; 12-01-2014, 04:19 PM.
        Steve Wood
        Join the ALPHA DEVELOPERS NETWORK
        There is no Cloud. It's just someone else's computer.
        Web - Mobile - Hosting - Products - Frameworks - Developer Resources
        AlphaToGo | IADN (100% Alpha Anywhere Websites)

        Comment


        • #5
          Re: How I stopped thousands of spam hits on my Alpha server

          Steve,

          One question I'd like to ask; have you been comparing products or is this THE "reference" product according to your findings ?
          Thx
          Frank
          Frank

          Tell me and I'll forget; show me and I may remember; involve me and I'll understand

          Comment


          • #6
            Re: How I stopped thousands of spam hits on my Alpha server

            Frank, Its the only product I could find.
            Steve Wood
            Join the ALPHA DEVELOPERS NETWORK
            There is no Cloud. It's just someone else's computer.
            Web - Mobile - Hosting - Products - Frameworks - Developer Resources
            AlphaToGo | IADN (100% Alpha Anywhere Websites)

            Comment


            • #7
              Re: How I stopped thousands of spam hits on my Alpha server

              OK Thx! I'm going to buy that.
              Frank

              Tell me and I'll forget; show me and I may remember; involve me and I'll understand

              Comment


              • #8
                Re: How I stopped thousands of spam hits on my Alpha server

                Is this similar to RDP Guard?

                I believe this is the app that Zebra Hosting recommends.

                Comment


                • #9
                  Re: How I stopped thousands of spam hits on my Alpha server

                  RDP Guard, guards RDP (primarily).

                  (And, I was the one who recommended RDP Guard to Zebrahost.)
                  Last edited by Steve Wood; 12-01-2014, 08:00 PM.
                  Steve Wood
                  Join the ALPHA DEVELOPERS NETWORK
                  There is no Cloud. It's just someone else's computer.
                  Web - Mobile - Hosting - Products - Frameworks - Developer Resources
                  AlphaToGo | IADN (100% Alpha Anywhere Websites)

                  Comment


                  • #10
                    Re: How I stopped thousands of spam hits on my Alpha server

                    Thanks for this information, Steve. What about those of us who use a load balancer?
                    Mike Brown - Contact Me
                    Programmatic Technologies, LLC
                    Programmatic-Technologies.com
                    Independent Developer & Consultant

                    Comment


                    • #11
                      Re: How I stopped thousands of spam hits on my Alpha server

                      The spammers are pinging the server/WAS instance IP addresses directly which bypasses the LB.

                      Comment


                      • #12
                        Re: How I stopped thousands of spam hits on my Alpha server

                        Hi Steve,

                        I'm curious about this.

                        Since any server needs to have Port 80 open, how is this a firewall?

                        As an IP blocker, most IP blockers just drag down server efficiency, especially the native Server ones. So, consequently, legit users get penalized for attempted hacks & robots, because the server now has to essentially look up IP addresses. This begs a question, have you tested server response times after installing this?

                        Assuming minimal adverse impact on server efficiency, and noting your comment about blocking 'a whole country', can one block a range of IPs without having to specify each one? For example, 210.211.64.1 to 210.211.64.66? Thus blacklisting a spefic known range of Persona non Grata?

                        As for utilty, if the Server is secure, and again thinking about server management of resources, why care about robots and attempted hacks?

                        Server side processing of illegit robots is of minimal overhead to the server (and quite frankly, anyone can create a robot to ignore robots rules). Probaly better to invoke invoke a timer block of repeated requests from the same IP inside of say, 20ms.

                        Hacking attempts are of a bigger concern, but since most hackers run over proxy servers (wherby they already opened a port on a usually unsuspecting innocent conduit), and bounce around hundreds at a time, blocking an IP on an insecure server seems to me as little more than a band aid on a severed artery.

                        otoh, if the server is secure, blocking IPs also seems pointless and does little more than degrade server efficiency.

                        Or am I missing something?


                        Not trying to be critical of your reasoning, and I think that anything that can improve server security is mostly valid, but I just don't see IP blockers as the solution.


                        Regards,

                        Gary.

                        Comment


                        • #13
                          Re: How I stopped thousands of spam hits on my Alpha server

                          Steve,
                          I rent a server from Zebra Host, do I just download and install this software on my server and it works as per my config or does this need to be installed by Zebrahost?
                          Sorry to ask such a noob question, but having zero knowledge I can ask no other...
                          NWCOPRO: Nuisance Wildlife Control Software My Application: http://www.nwcopro.com "Without forgetting, we would have no memory at all...now what was I saying?"

                          Comment


                          • #14
                            Re: How I stopped thousands of spam hits on my Alpha server

                            Charles - depends on your comfort level on the server. Its a pretty ordinary installation, but choosing what to block takes some time reviewing your logs and then deciding what to do. It takes a lot of observation over a period of time. And of course I tried my own IP like an idiot and temporarily locked myself out. (I knew I could get back in from another server).

                            Gary - I agree that it is not absolutely necessary to physically block hits to the server, hacking attempts or otherwise as long as the server is secure. The hacking attempts are all for PHP, completely bogus folder or file names or other non-Alpha resources they will never find. But the shear number of them was getting to me, like I said thousands upon thousands. My Alpha logs were full of 404 page errors, and search engine spider hits from various countries where I do not do business, all at 10 pages per second. And when that activity was high, id DID cause Alpha server strain. In fact, many times users here on the forum complained about server crashes or poor performance, and I helped investigate, it turned out to be from excessive unnecessary indexing of their site. One that comes to mind was getting their large PDF documents indexed and it always crashed the WAS.

                            I am currently blocking 274000 individual and ranges of IPs, and I do not see any performance degradation. But as I said I am recording the good and bad hits and plan to scale that down in a month to just block the ones that are actually hitting the server plus the industry-managed blacklists. The software gives me some aggregate data to help with that. BTW, on my server it is mostly China, Hong Kong, Pakistan, Russia, Ukraine and Israel. I also blocked IP ranges for several USA based search engines like Yandex.

                            Another thing I will say is that I learned a lot about my server by doing this. I had no idea so much was going on, and on ports other than 80/443. It is amazing to watch (I should do a recording). I need to know as much as I can about this both for my own use and for my customers. It IS important to pay attention to what is hitting your server. Case in point -- I have a customer that has highly personal information on their server (records of deaths) and a competitor fired up a SQL Injection attack on our server. It ran thousands of hacking attempts (with no success, Yeah Alpha). In that app I capture every single hit to a database table. I think you can see there it is important to monitor and also important to keep the number of useless spider hits to a minimum at least for sake of my database table.

                            Before I tried the above solution, I had written my own IP Blocker for hits to port 80. It used an xbasic script to capture all 404 Errors to non-Alpha related pages (PHP, empty folders, etc) The xbasic used a command line to write a Firewall Rule to block that IP. The problem was that after a couple days I had hundreds of new Rules in my Firewall, too many to manage.

                            Gary -- I don't understand your paragraph that includes "but since most hackers run over proxy servers ", so I don't know how to reply. The IP Blocker tool covers all ports, not just 80/443.

                            Lastly I would say selectively blocking by IP is not much different than you or I blacklisting our inbound email traffic. We do it because our time and peace of mind are precious. I also have to deploy anti-hacking measures over on the IADN Forum. If I drop the measures it instantly is flooded with bogus signups running ads or scraping for email addresses.
                            Steve Wood
                            Join the ALPHA DEVELOPERS NETWORK
                            There is no Cloud. It's just someone else's computer.
                            Web - Mobile - Hosting - Products - Frameworks - Developer Resources
                            AlphaToGo | IADN (100% Alpha Anywhere Websites)

                            Comment


                            • #15
                              Re: How I stopped thousands of spam hits on my Alpha server

                              Steve,

                              I think Gary means hackers are using proxy servers to hide their IP so they can act as if legit. I also took a closer look at the website of ipblocker, especially the contactpage does not really impress me; who is this guy, what is this software doing (is it thrustworthy?) I usually like some more background but you sure have triggered my interest; I see a lot of traffic on my server too that for sure is not from people I'll ever do business with & various indexing engines that don't intrest me. I also notice that IIS seems to offer solutions for this provided that you subscribe to some list (I bet you also have to subscribe to some list rather than just buying one time a list ?) https://www.countryipblocks.net/coun...and-web.config
                              Frank

                              Tell me and I'll forget; show me and I may remember; involve me and I'll understand

                              Comment

                              Working...
                              X