IIS Dynamic IP Address Restriction to permanently block IP - iis

So I have a website that is getting hit regularly from someone scraping our content and I would like to do my best to annoy him as possible.
Currently we have IIS Dynamic IP address restriction on but this only temp blocks him for a very short time. Is it possible to have the same sort of rules but permanently block him instead.
So if we have 20 requests in 10 seconds from the same IP address that IP address is then block indefinitely (or a preset time I can pick)
we currently using IIS7.5
Thanks
Steve

To answer your question, you should look at this, it is an extension for IIS . You can actually set it up in such a way that if a user reaches a certain number of connections they are getting denied.
Hope this helps !

Related

Block anything using an IP instead of a domain

Getting a lot of traffic [likely bots] that are hitting my site via an IP address instead of a domain.
For example, a user would access my site at https://www.example.com/login but I'm getting traffic using the IP instead: https://123.45.678.910/login
I would like to block access to anything using the IP instead of the domain. Can this be done via the .htaccess file?
I can do it via PHP, but by then, it's already wasting resources. Is there another / common / best-practice way to handle this?
When googling for the solution, I get a LOT of information about how to block or allow specific IP address(es) or range of IPs, but that's not what I'm looking for.

How to dynamically deny access using .htaccess

I am familiar with denying access based on an IP, block of IPs, browser, URL etc... but my problem here is, let me state, how to deny access if it came from some IP address, at least 3 times a second for long period of time. Here, you don't know the IP address unless you look at the access file. By the time you found out the IP address it's already drawn too much of the bandwidth.
You can't use htaccess for doing this. The out-of-box apache directives can't handle browsing sessions. You'll need to install some sort of log parser, maybe something like fail2ban? Or you can probably cook up a set of iptables rules for blocking lots of connections from one IP: https://askubuntu.com/questions/437059/linux-command-to-prevent-dos-attack-by-using-netstat-and-iptables

DNS delivering ads?

Could it be that my DNS (which was set by my ISP) is making money when I go online?
I know that the 'web-page unavailable, but look at these amazing ads'-pages (when the user tries to reach the wrong address) bring them a little bit of money. But I am interested in another case.
Could it be that they serve me an ad (as pop-up or pop-down) when I go to a completely 'normal' page without consent of the web-page itself? It would be a kind of add-on, you ask for page example.com/foe, the example.com site serves the page foe, but the DNS sends you unrequested a pop-under ad.
Am I paranoid, or is it happening? Note: I know how to block ads, pop-ups/under and so on. I just want to investigate better how DNS services are trying to make a buck (or a cent) here and there.
Not exactly. The way DNS works is straight forward; say you host a web server which you have purchased a domain name of noads.com for. When you purchase that domain name you're going to be setting it to point to the IP address of your server. Now, from your servers you can host ads if you wish, or setup redirects so that when someone requests, "Noads.com/hi" they get an ad proclaiming the wonders of a cereal high in fiber. However, at this point you're past the point of DBS resolution. The request to noads.com was resolved to your IP address. The /hi folder was accessed after that resolution took place and your webserver may have presented the ad or redirected as the programmer of the website chose.
As for your ISP sneaking something in there... It would be very bad for their business, if not a suable offense, to add A records to their DNS server which direct you to an IP other than the one registered. To check that you could use www.checkdomain.com to find what the domain should be, and type in the name of the domain you want to reach. Then use a command line (press your windows key and R to bring up a run prompt, then type CMD and press enter) from there type nslookup . This will show you the IP you SHOULD be directed to and the IP you ARE being directed to.
One last parting thought, DNS is not a random function. Meaning you can't set an "If, then" on it. If you request a website it's always going to go to the same IP. The only reason it wouldn't is if there are multiple host records pointing to different IPs for a single name. I don't believe that is something to worry about, as the ISP servers will point to the official "internet" servers which will be carefully tended and kept free of error.
Hopefully this explains everything to your satisfaction. Please feel free to ask for clarification if something is not clear.
Thanks!

Staging area ptotection based on ip...what if my client has a dynamic IP?

I'm trying to put online a staging area for an upcoming website... I'd usually rather use an htaccess rule to enable only me and my client to see the website...i think is safer and you dont need to rememebr passwords and so...
but my client this time has an internet provider who doesnt give him a static ip, aparently everyday or so, his ip chamges...so i have to change my htaccess!
there is any solution for that?
First of all, dynamic IPs are very common, a lot of providers disconnect the client in intervals of 12 or 24 hours, which usually means they get a new IP assigned.
Second, just giving out a username / password combination not only seems safer, but also more hassle-free. You are about to invest time into a solution that's probably not worth it. I also don't see how you would obtain the valid IP address of the client to update your .htaccess file, apart from having the client install a service that updates a dynamic DNS entry mayb - more of a hassle than remembering a login, if you ask me.
You could have him use a dynamic DNS service like dyndns.com or no-ip.com. That way he can setup a domain name like someguy.dyndns.com which would always resolve to his ip (he'll probably need to install a small daemon/service/program to automatically update the IP though). Then you can add a rule into your .htaccess like allow from someguy.dyndns.com.

Using IIS7 can I get the IP that accessed a webpage at a certain time?

Using IIS7 can I get the IP that accessed a webpage at a certain time?
Such as 3:41:17 am? Not a programming question, but I need to track down whoever connected and trashed my web project. So please dont close this question.
You can look at the IIS logs to see this information. It normally is recorded (originating IP address and time as well as other data - the requested page, size of response and result code).
This of course assumes that logging is turned on.

Resources