Re: block php requests

2015-01-22 Thread Collin Anderson 
Hi,

I had broken link emails enabled for a while. Over time, my nginx.conf 
config grew into this:

location /_vti_inf.html { return 404; }
location /crossdomain.xml { return 404; }
location ~/cache/eb91756ae6745d22433f80be4ec59445$ { return 404; } # 
some sort of plugin?
location ~\.php$ { return 444; }
location ~\.aspx?$ { return 444; }
location /account/submit/add-blog { return 444; }
location /blogs/my_page/add { return 444; }
location /my_blogs { return 444; }
location /YaBB { return 444; }
location /signup { return 444; }
location /register { return 444; }
location /user/register { return 444; }
location /member/register { return 444; }
location /forum/member/register { return 444; }
location /tools/quicklogin.one { return 444; }
location /mt.js { return 444; }
location ~\[PLM=0\] { return 444; }

I eventually just turned of the 404 emails and was able to delete all of 
that config :)

Actually, if you put an  (or do a similar 
request with ajax) on your 404 page, that would filter out a lot of spam.

Collin

On Wednesday, January 21, 2015 at 3:32:15 AM UTC-5, hinnack wrote:
>
> Hi,
> thanks for your reply.
> Blocking all requests in Apache seems to be the best way. Can you give an 
> example how to do that?
> As / is mapped to the wsgi app ( 
> https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/modwsgi/ )
> and a new files section does not the trick:
>
>  #PHP protection
>
> order allow,deny
>
> deny from all
>
> satisfy all
>
> 
>
>
> Am Dienstag, 20. Januar 2015 12:55:40 UTC+1 schrieb hinnack:
>>
>> Hi,
>>
>> I get a lot of intrusion checks on my website - especially for PHP 
>> (wordpress, joomla, …).
>> Today they all raise a 404 errors in python-django - so if you have 
>> emails enabled for 404 errors…
>>
>> What is the best way to block those requests in a standard apache 
>> deployment?
>> ( https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/modwsgi/ )
>>
>> regards
>>
>> Hinnack
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/c79c99b7-ff19-4785-b6fb-d12786876e5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: block php requests

2015-01-21 Thread hinnack 
Hi,
thanks for your reply.
Blocking all requests in Apache seems to be the best way. Can you give an 
example how to do that?
As / is mapped to the wsgi app ( 
https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/modwsgi/ )
and a new files section does not the trick:

 #PHP protection

order allow,deny

deny from all

satisfy all




Am Dienstag, 20. Januar 2015 12:55:40 UTC+1 schrieb hinnack:
>
> Hi,
>
> I get a lot of intrusion checks on my website - especially for PHP 
> (wordpress, joomla, …).
> Today they all raise a 404 errors in python-django - so if you have emails 
> enabled for 404 errors…
>
> What is the best way to block those requests in a standard apache 
> deployment?
> ( https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/modwsgi/ )
>
> regards
>
> Hinnack
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/aa96b4c6-63cc-4eff-9fa0-95c7bf71dfd4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: block php requests

2015-01-20 Thread Avraham Serour 
you can tell apache to get any request ending with .php and return 404 from
apache without passing the request to django
you could return something else like 403 and ban the ip for some time

On Tue, Jan 20, 2015 at 1:55 PM, hinnack  wrote:

> Hi,
>
> I get a lot of intrusion checks on my website - especially for PHP
> (wordpress, joomla, …).
> Today they all raise a 404 errors in python-django - so if you have emails
> enabled for 404 errors…
>
> What is the best way to block those requests in a standard apache
> deployment?
> ( https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/modwsgi/ )
>
> regards
>
> Hinnack
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/6ae3fac4-4de2-4b26-8fce-aafb84c6a01a%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAFWa6tLK5_v3u5TVosTcdTKd5xumbVVm1oxLjrnJ%2BXdgu5LjcQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

block php requests

2015-01-20 Thread hinnack 
Hi,

I get a lot of intrusion checks on my website - especially for PHP 
(wordpress, joomla, …).
Today they all raise a 404 errors in python-django - so if you have emails 
enabled for 404 errors…

What is the best way to block those requests in a standard apache 
deployment?
( https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/modwsgi/ )

regards

Hinnack

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/6ae3fac4-4de2-4b26-8fce-aafb84c6a01a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.