Protecting my website from being "turned on"?
I believe your own website is responding to WHOIS queries by delivering information to clients/users (although you were ambiguous and could just be referring to your own WHOIS record, in which case you need a domain registration proxy).
The solution is then simple. Just limit the rate at which any IP address can make a request. Do something that the average user will probably never hit, but the website is impossible to work with. Maybe one request every 5 (or whatever) seconds is a good place to start. Tighten the restriction if you are having problems for some reason.
Even if that doesn't stop the website from pumping out your API, it will slow them down, so the stress on your server will be negligible.
This can be used in addition to the daily limit and a small number of journal checks. Manually ban IPs with suspicious activity and/or obtain log monitoring software.
When someone "scrapes" your site, they usually do it through automation. This will show up in your server logs as thousands of requests from a single IP. The solution is to maintain a blacklist of IPs that are denied access to your site, or suppress the maximum requests from that IP address per day.
There are several tools that will monitor your logs and alert you to suspicious activity. These are a few that I found in a Google search:
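A sketch of the per-IP limits both answers describe (a minimum gap between requests, a daily cap and a manual ban list), added here as an example and not code from either answer. The class and function names, the cap of 1000 requests per day and the sample traffic are assumptions made for illustration.

```python
import time
from collections import Counter, defaultdict

DAY = 86400  # seconds

class PerIPLimiter:
    """Per-IP limits: a minimum gap between requests, a daily cap, a ban list."""

    def __init__(self, min_interval=5.0, daily_cap=1000, clock=time.time):
        self.min_interval = min_interval  # seconds between allowed requests
        self.daily_cap = daily_cap        # allowed requests per IP per day (assumed value)
        self.clock = clock                # injectable so the logic can be tested
        self.last_allowed = {}            # ip -> time of last allowed request
        self.per_day = defaultdict(int)   # (ip, day number) -> allowed requests
        self.banned = set()               # IPs banned by hand after log review

    def ban(self, ip):
        self.banned.add(ip)

    def check(self, ip):
        """Return "ok" if the request may proceed, else the reason it is refused."""
        now = self.clock()
        day = int(now // DAY)
        if ip in self.banned:
            return "banned"
        if self.per_day[(ip, day)] >= self.daily_cap:
            return "daily cap"
        last = self.last_allowed.get(ip)
        if last is not None and now - last < self.min_interval:
            return "too fast"
        self.last_allowed[ip] = now
        self.per_day[(ip, day)] += 1
        return "ok"

def replay(events, **limits):
    """Run (timestamp, ip) pairs through a fresh limiter; count refusals per IP."""
    now = [0.0]
    limiter = PerIPLimiter(clock=lambda: now[0], **limits)
    refused = Counter()
    for ts, ip in sorted(events):
        now[0] = ts
        if limiter.check(ip) != "ok":
            refused[ip] += 1
    return refused

# Constructed traffic: one visitor every 10 s, one automated client every 0.5 s.
SAMPLE = ([(t * 10.0, "198.51.100.7") for t in range(6)]
          + [(t * 0.5, "203.0.113.50") for t in range(100)])

if __name__ == "__main__":
    print(replay(SAMPLE).most_common())  # IPs with the most refusals are ban candidates
```

Behind a reverse proxy or load balancer, pass the real client address rather than the proxy's, and expire old entries so the tables do not grow without bound.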