Re: DOS Attack Update block by referer

From: marc (marcat_private)
Date: Mon Nov 04 2002 - 15:49:16 PST

    In Apache, mod_rewrite allows you to rewrite URLs based on different
    factors, like the HTTP_REFERER.  It seems to me that requests coming in
    should list the 'bad-guy's site as the referer.
    
    see
    http://www.engelschall.com/pw/apache/rewriteguide/
    
    especially the sections under "Access Restriction"  on
    
    "Blocked Inline-Images
    
    Problem Description:
    
    Assume we have under http://www.quux-corp.de/~quux/ some pages with
    inlined GIF graphics. These graphics are nice, so others directly
    incorporate them via hyperlinks to their pages. We don't like this
    practice because it adds useless traffic to our server."
    
    and
    
    Referer-based Deflector
    
    A Windows version of Apache is available, or perhaps IIS has a similar
    feature.
    
    marc
    
    
    
    
     On Wed, 30 Oct 2002, Hunt, Jim wrote:
    
    > First, thanks for everyone's replies with suggestions and helpful tips
    > and dirty tricks.
    >
    > I thought it might be helpful if I recap in detail the incident.  Maybe
    > it will help foster more thinking both technically and also the more
    > complex issues of policies.  (I am not sure of the word I want to use
    > but I choose policies.)
    >
    > This incident came about because of a rivalry between 2 message boards and
    > escalated because the big guy, besides being a general jerk, has the
    > resources to keep kicking it up a notch.
    >
    > My friend (and I use that term loosely because I only know her from the
    > message board) is 17, lives in Israel, and has vBulletin running on a
    > Pentium III Desktop with Microsoft Windows 2000 Server.  She has a
    > dedicated 1 MB DSL connection to the Internet.  She runs Zone Alarm Pro
    > on the Server and this is behind a Linksys Router.
    > For her, the board is a hobby and she is savvy enough to make it work
    > pretty well but doesn't have technical skills for a situation like this
    > past Sunday.  She also doesn't have $$$ to do anything that costs money.
    > She isn't making money doing this and isn't in a position to bring legal
    > action against someone in the US.
    >
    > The "Big Guy" also has a PHP-based vBulletin forum running along with
    > several business sites that are making him enough cash to have his own
    > enterprise servers in a major collocation facility.  He used his forum
    > along with many of his business sites to launch the inline frame attack
    > against the other forum.
    >
    > The situation finally resolved itself when he decided his sites were
    > being slowed down to the point of people noticing his sites loading
    > slowly and when my friend agreed to publicly say she was "owned" by him.
    > She didn't like the position but felt that it was in the best interest
    > of everyone to take the "hit" and move on.
    >
    > I also contacted the collocation facility on several fronts about the
    > attack but have heard nothing other than a tech in one of their chat
    > rooms saying they won't do anything without the logs from the attacked
    > site.  The "Big Guy" has put up a hate site attacking my friend (and her
    > family) personally and people of Jewish heritage.  It is quite offensive
    > but he claims it is parody and protected.  The collocation facility also
    > has done nothing about this site when contacted.
    >
    > To combat the issues for now, we have used a JavaScript to break out of
    > a frame and "trump" any page that has an inline frame to the site.  We
    > applied the filter to protect against hot linking images from the
    > server as that was done recently too by him.  Everything is quiet at
    > this point in time.
    >
    > As more and more people decide to have web servers at home for business
    > or personal use, this issue could become a major problem with no real
    > solution.  Hopefully this is the last of it for my friend.
    >
    > Jim Hunt
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    
    marc
    
    "You have alligned [sic] yourself with some of the most radical groops
    [sic] of cooks"
    
    - inept, culinary-based hate mail to http://www.mainstreammc.org/
    
    
    
    "Bush should take up t'ai chi. He'd be a lot more relaxed and not so
    invady."
    
    - www.theonion.com
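
The referer-based blocking suggested in this message, sketched as a mod_rewrite configuration. This is an added example, not part of the original post or of the rewrite guide; the host names `attacker.example` and `forum.example` are placeholders for the embedding site and the protected forum.

```apache
# Added example; both host names are placeholders (assumptions),
# not values taken from the thread.
RewriteEngine On

# 1. Refuse every request whose Referer names the site that embeds
#    our pages in inline frames.
#    [NC] = case-insensitive match, [F] = answer 403 Forbidden.
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?attacker\.example(/|$) [NC]
RewriteRule ^ - [F]

# 2. Hot-link protection for images, following the guide's
#    "Blocked Inline-Images" pattern: allow an empty Referer
#    (direct requests, proxies or browsers that strip the header)
#    and our own pages; forbid image requests from anywhere else.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?forum\.example(/|$) [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC]
```

The Referer header is client-supplied and optional, so these rules shed load generated by browsers rendering the embedding page rather than authenticating anything. Each refused request still costs a connection, but it is answered with a 403 before any forum page is generated.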
    
    
    



    This archive was generated by hypermail 2b30 : Mon Nov 04 2002 - 16:07:45 PST