I don't really get involved professionally any more, just host sites for a couple of mates and a couple for my own amusement. Still, it's irritating to get thousands of probes every day probably generated by script kiddies.
Apache2 isn't really optimised out of the box so I had to tune it a bit to stop the scanner from gobbling up all the memory and thrashing the swap file then I added geoIP to the awstats installation. Awstats provides website statistics like number of hits and where they came from in terms of IP or domain if it can be resolved. GeoIP does regional lookups on IP providing country of origin and city.
Both of these are included in most of the recent Ubuntu/Debian distributions so you can easily install them using apt-get. Be aware though that the directory structure in these distributions is a little different from the norm. For example, the GeoIP database will end up in /usr/share/GeoIP NOT /var/lib as some tutorials will suggest.
Once installed you can run this command:
geoiplookup 8.8.8.8
in a terminal session and get results like that below:
However, even better is to build it into your Apache configuration and block countries using the .htaccess file!
Add these lines to your apache2.conf file:
Ensure the geoip module is enabled in Apache and .htaccess usage is not blocked and restart Apache. Then you can add a .htaccess file to the root of the website(s) you want to protect:
A quick check of my Apache error log file reveals the culprits...
Note: the log file above has been modified by hand to show the countries but .htaccess is clearly doing its job!
Apache2 isn't really optimised out of the box so I had to tune it a bit to stop the scanner from gobbling up all the memory and thrashing the swap file then I added geoIP to the awstats installation. Awstats provides website statistics like number of hits and where they came from in terms of IP or domain if it can be resolved. GeoIP does regional lookups on IP providing country of origin and city.
Both of these are included in most of the recent Ubuntu/Debian distributions so you can easily install them using apt-get. Be aware though that the directory structure in these distributions is a little different from the norm. For example, the GeoIP database will end up in /usr/share/GeoIP NOT /var/lib as some tutorials will suggest.
Once installed you can run this command:
geoiplookup 8.8.8.8
in a terminal session and get results like that below:
However, even better is to build it into your Apache configuration and block countries using the .htaccess file!
Add these lines to your apache2.conf file:
Ensure the geoip module is enabled in Apache and .htaccess usage is not blocked and restart Apache. Then you can add a .htaccess file to the root of the website(s) you want to protect:
A quick check of my Apache error log file reveals the culprits...
Note: the log file above has been modified by hand to show the countries but .htaccess is clearly doing its job!
