Fancy 403: Ban them All!

Lots of tech-savvy computer users these days have figured out how to set up a home server to act as a file server, a streaming media server, a legitimate web-site server, a proxy server, and any number of other use cases. Surely, having access to your home computer, akin to your own personal "cloud", while away from home is not only a luxury; in the professional or academic world, it can be a real life saver.

But alongside that convenience, the problem of security arises when we connect our home computers to the internet and register a domain to our dynamic IP address. Suddenly, there are potential prying eyes that we may not want paying attention to us. There are, of course, several ways to mitigate this problem. Here is one more...

I recently got pretty frustrated with a lot of inappropriate hits on my home web server, so I decided to do something about it. Here's a snappy little semi-aggressive 403 package that I threw together, that I would like to share with you. Here are the key features:

  • This 403 utilizes htaccess rules to blacklist and ban IP addresses from the server.
    • If someone gets to a forbidden URL, their IP address will be checked against a whitelist and, depending on the check, they will be either:
      • Pushed to an "oops!" whitelist notification page, and nothing else happens.
      • Or added to the blacklist file.
    • If someone is referred to this 403 from a link or otherwise tricked into accessing it, no ban occurs.
  • This 403 can be configured to email the sys admin every time a user is blacklisted or warned.
  • This 403 will perform a WhoIs check on any IP that qualifies for a ban, present the user with this WhoIs, and include the information in the email to the sys admin.
  • This 403 includes hidden links on all output pages (excepting error messages) to a Project Honey Pot link on this domain. If you don't know about Project Honey Pot, you should, it's wonderful. Feel free to use that link or sign up and register your own! Spam hits on this site virtually vanished after hooking up my honey pot (down from 30,000/day at peak, to about < 150/day).
  • Most importantly, this 403 package.... Rick Rolls the user that lands on it. It isn't a profoundly aggressive Rick Roll, but it is a Rick Roll after all.

Because this script aggressively bans users, it is ideal to use for a private, home server, where security is paramount, and we really don't care who we ban. Also, since it logs all of the "dirty" hits via email, this might be a good way to track who is coming at your home IP address. I documented the code as well as I could, so anybody with basic skills should be able to put it into play.

Here's an example of how I set it up.

On my home system, I don't want anybody being able to "find" the server without typing in a specific URL, so I made a virtual host in Apache, called it "403", and placed it in the first spot in my /etc/apache2/sites-available/000-default.conf file, thus making it the default virtual host under Apache. Now, if anybody finds their way to my server without specifying a proper URL, they go to the 403 default and get banned.

NOTE: Make sure that your 403's virtual host directive in the Apache conf files has AllowOverride All set for the "403" directory, else the ban won't work because Apache won't pay attention to the .htaccess file without that directive set!
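The ban flow from the feature list above (whitelist check, no ban when a referrer is present, otherwise append to the .htaccess blacklist), sketched as an added example; this is not the code shipped in 403.zip. The file path, the sample whitelist and the `Deny from` rule format (which needs mod_access_compat on Apache 2.4) are assumptions, and the rules only take effect when `AllowOverride All` is set as described in the note above.

```php
<?php
// Added example, not the package's own code. Paths, whitelist entries and
// the "Deny from" rule format are assumptions made for illustration.
const WHITELIST = ['127.0.0.1', '192.168.1.10'];  // constructed sample addresses
const HTACCESS  = __DIR__ . '/.htaccess';          // hypothetical blacklist file

/** Decide what to do with a client that landed on the 403 page. */
function decide(string $ip, string $referer, array $whitelist): string
{
    // Only a syntactically valid IP may ever be written into .htaccess;
    // anything else could smuggle extra directives into the file.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return 'ignore';
    }
    if (in_array($ip, $whitelist, true)) {
        return 'warn';    // whitelisted: show the "oops!" page, nothing else
    }
    // The Referer header is supplied by the client. Skipping the ban here
    // protects people who followed a link; it is not a security boundary.
    if ($referer !== '') {
        return 'no-ban';
    }
    return 'ban';
}

/** Append a deny rule for $ip unless the same rule is already present. */
function ban(string $ip, string $htaccess): bool
{
    $rule  = "Deny from $ip";
    $lines = is_file($htaccess) ? file($htaccess, FILE_IGNORE_NEW_LINES) : [];
    if (in_array($rule, $lines, true)) {
        return false;     // already banned: keep the file from growing
    }
    // Leading newline guards against a file that lacks a trailing one;
    // LOCK_EX keeps two simultaneous hits from interleaving their writes.
    $data = PHP_EOL . $rule . PHP_EOL;
    return file_put_contents($htaccess, $data, FILE_APPEND | LOCK_EX) !== false;
}

$ip      = $_SERVER['REMOTE_ADDR'] ?? '';
$referer = $_SERVER['HTTP_REFERER'] ?? '';
if (decide($ip, $referer, WHITELIST) === 'ban') {
    ban($ip, HTACCESS);
}
http_response_code(403);
echo '403 Forbidden';
```

The web server user needs write access to the .htaccess file for this to work, so keep that file in the "403" directory only and out of any site that serves real content.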

 

Got any creative ways to use or modify this, let me know below!

 

NOTE: The WhoIsClass.php was retrieved from a site... that isn't listed in the code itself, and the site listed in the code is now dead. I left the credit in the code, and all of this is GPL 2.0 licensed, so hack away!

Attachment: 403.zip (6.79 MB)