Blocking Access

How to block access to your resources and prevent their abuse. This is no easy task and requires some serious thought. Access control will not stop every abuser, but it goes a long way towards slowing down the abuse of your resources.

Web - HTTP

For an ecommerce or other web site to operate you need traffic. However, the traffic you receive should come from two main sources:

  1. Search engines and directories that you want your pages included in
  2. Real human visitors

What you do not want:

  1. Content scrapers
  2. Automated bots / spiders that do not respect robots.txt
  3. Bulk downloads of your content, hundreds of megabytes at a time

What you need to block:

  1. Bad spiders or bots, by user agent or by IP (a user agent string is trivially forged, so treat it as a first filter and fall back to IP and behaviour)
  2. Other hosting servers that are downloading your content without permission
  3. Bots that do not respect robots.txt
  4. Users who run scraper and downloader programs that do not respect your bandwidth and resources
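The three web signals above (a downloader user agent, requests for paths robots.txt disallows, and bulk downloads measured in bytes) can all be pulled out of an ordinary access log. The script below is an added example, not code from the original post: it parses combined-format log lines, flags the offending client IPs with the reason, and renders them as Apache "Deny from" rules. The sample log lines, the user agent list, the disallowed paths and the 100 MB threshold are all constructed assumptions.

```python
"""Flag abusive web clients in combined-format (Apache/nginx) access logs.

Added example for this section; not part of the original post. Three
signals from the text: a downloader/scraper user agent, requests for paths
that robots.txt disallows, and bulk downloads by total bytes. All IPs,
patterns and thresholds below are assumptions for illustration.
"""
import re
from collections import defaultdict

# Combined Log Format:
# ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed list of downloader / site-copier user agents (extend for your site).
BAD_UA = re.compile(r"httrack|webzip|webcopier|wget|libwww-perl|teleport", re.I)

# Assumed paths listed under "Disallow:" in this site's robots.txt.
DISALLOWED = ("/admin/", "/private/")

# Assumed per-client byte budget for the window covered by the log (100 MB).
BYTE_LIMIT = 100 * 1024 * 1024


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def analyse(lines):
    """Map each offending client IP to the sorted list of reasons it was flagged."""
    total_bytes = defaultdict(int)
    reasons = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # skip malformed lines rather than crash
        ip = rec["ip"]
        total_bytes[ip] += rec["bytes"]
        if BAD_UA.search(rec["ua"]):
            reasons[ip].add("bad-ua")
        if rec["path"].startswith(DISALLOWED):
            reasons[ip].add("ignores-robots")
    for ip, total in total_bytes.items():
        if total > BYTE_LIMIT:
            reasons[ip].add("bulk-download")
    return {ip: sorted(r) for ip, r in reasons.items()}


def htaccess_rules(flagged):
    """Render flagged IPs as Apache 2.2 mod_authz_host (2.4: mod_access_compat) rules."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {ip}" for ip in sorted(flagged)]
    return "\n".join(lines) + "\n"


# Constructed sample log: one normal visitor, one site copier, one bot in /admin/.
SAMPLE_LOG = """\
198.51.100.4 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; rv:118.0) Gecko/20100101 Firefox/118.0"
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /products.html HTTP/1.1" 200 8192 "http://www.example.com/index.html" "Mozilla/5.0 (Windows NT 10.0; rv:118.0) Gecko/20100101 Firefox/118.0"
203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "HTTrack/3.x"
203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /private/pricelist.pdf HTTP/1.1" 200 52428800 "-" "HTTrack/3.x"
203.0.113.7 - - [10/Oct/2023:13:56:30 +0000] "GET /catalog-part1.zip HTTP/1.1" 200 52428800 "-" "HTTrack/3.x"
203.0.113.7 - - [10/Oct/2023:13:57:10 +0000] "GET /catalog-part2.zip HTTP/1.1" 200 52428800 "-" "HTTrack/3.x"
192.0.2.99 - - [10/Oct/2023:14:01:00 +0000] "GET /admin/login HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
this line is not a valid log record
"""

if __name__ == "__main__":
    flagged = analyse(SAMPLE_LOG.splitlines())
    for ip, why in flagged.items():
        print(ip, ", ".join(why))
    print(htaccess_rules(flagged))
```

Run it against a real log with `analyse(open("/var/log/apache2/access.log"))` and review the output before blocking anything: a client that fetches /robots.txt and then a disallowed path is a strong signal, a bare user agent match is not (anyone can claim to be Googlebot, and anyone can hide HTTrack behind a browser string), which is why the IP is what ends up in the rule.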

Mail - SMTP

What you should allow

  1. Only mail from legitimate, trusted sources
  2. Only mail to and from those parties you want to exchange mail with
  3. Also make sure your web contact form cannot be abused: use a form of CAPTCHA to defeat automated form-filling bots.

What you should deny

  1. Abusive hosts and netblocks that send you automated spam
  2. Geographic netblocks you have no reason to deal with
  3. Traffic from dialup and dynamic address ranges, unless authorised and backed by valid reverse DNS entries and correct MX records

How?

  1. Use spam-blocking filters to reject outright what is clearly junk
  2. Use filtering rules to set aside suspect mail for later review
  3. Validate the sender IP with a reverse lookup, and confirm that the name it returns resolves back to the same IP (a bare PTR record is easy to fake), to ensure it is a genuine mail server
  4. Block the mail port in the firewall, by IP, for abusive hosts, bad netblocks and geographic ranges you do not want traffic from
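The reverse-lookup, dynamic-range and MX checks above fit together into one decision per connecting client: reject, hold for review, or accept. The code below is an added example, not part of the original post. It implements forward-confirmed reverse DNS (the PTR name must resolve back to the connecting IP), treats a dialup/dynamic-looking reverse name as "suspect, review later" rather than an outright reject, and refuses mail whose MAIL FROM domain has no MX records. DNS is injected through a small FakeResolver so the example runs offline; the resolver class, the dynamic-name pattern and every address and hostname in it are constructed for illustration.

```python
"""Vet an SMTP client before accepting its mail.

Added example for this section; not part of the original post. It implements
the checks listed above: forward-confirmed reverse DNS (the PTR name must
resolve back to the connecting IP), quarantine of dialup/dynamic-looking
reverse names unless the source is explicitly authorised, and a check that the
MAIL FROM domain has MX records. DNS is injected through a small resolver
object so the example runs offline; FakeResolver and every address, name and
pattern below are constructed for illustration.
"""
import ipaddress
import re

# Assumed name fragments that ISPs commonly put in PTR records for dynamic pools.
DYNAMIC_PTR = re.compile(
    r"(dsl|dyn|dynamic|dial-?up|ppp|pool|cable|dhcp|\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3})", re.I
)


class FakeResolver:
    """Constructed stand-in for DNS. A real deployment would back these three
    methods with PTR, A and MX queries (for example via dnspython)."""

    def __init__(self, ptr, a, mx):
        self._ptr, self._a, self._mx = ptr, a, mx

    def ptr(self, ip):
        return self._ptr.get(ip, [])

    def a(self, name):
        return self._a.get(name.lower(), [])

    def mx(self, domain):
        return self._mx.get(domain.lower(), [])


def fcrdns(ip, resolver):
    """Return (ptr_names, confirmed_names): names whose A record includes ip."""
    names = resolver.ptr(ip)
    confirmed = [n for n in names if ip in resolver.a(n)]
    return names, confirmed


def check_sender(ip, mail_from_domain, resolver, allow_nets=()):
    """Return (verdict, reasons) with verdict one of accept / quarantine / reject."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(n) for n in allow_nets):
        return "accept", ["source explicitly authorised"]

    hard, soft = [], []          # hard -> reject, soft -> hold for review
    names, confirmed = fcrdns(ip, resolver)
    if not names:
        hard.append("no reverse DNS")
    elif not confirmed:
        hard.append("reverse name does not resolve back to " + ip)
    elif any(DYNAMIC_PTR.search(n) for n in confirmed):
        soft.append("dialup/dynamic reverse name: " + confirmed[0])
    if not resolver.mx(mail_from_domain):
        hard.append("no MX records for " + mail_from_domain)

    if hard:
        return "reject", hard + soft
    if soft:
        return "quarantine", soft
    return "accept", []


# Constructed zone data for the demonstration.
RESOLVER = FakeResolver(
    ptr={
        "192.0.2.25": ["mail.example.net."],
        "198.51.100.77": ["dsl-198-51-100-77.pool.example-isp.com."],
        "203.0.113.9": ["mx.example.org."],        # PTR claims to be someone else's MX
    },
    a={
        "mail.example.net.": ["192.0.2.25"],
        "dsl-198-51-100-77.pool.example-isp.com.": ["198.51.100.77"],
        "mx.example.org.": ["203.0.113.200"],      # ...but that name points elsewhere
    },
    mx={
        "example.net": ["mail.example.net."],
        "example-isp.com": ["mx.example-isp.com."],
    },
)

if __name__ == "__main__":
    for ip, dom in [("192.0.2.25", "example.net"), ("198.51.100.77", "example-isp.com"),
                    ("203.0.113.9", "example.org"), ("203.0.113.50", "example.net")]:
        print(ip, dom, check_sender(ip, dom, RESOLVER))
```

The allow_nets parameter is how "unless authorised" from the deny list is expressed: a customer on a DSL line who must relay through you goes in there, and everything else from a dynamic pool is held rather than dropped, so a false positive costs a delay instead of lost mail. The forward confirmation step matters because the owner of an IP controls its PTR record and can point it at any name; only the owner of the domain controls what that name resolves to.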

Transfer - FTP

What to allow

  1. Only the services or users that have permission to transfer files

What to block

  1. Every single IP that does not have your permission to log in to add or download content. This is easily done with a firewall. Alternatively, turn FTP off and only turn it on when required. Bear in mind that FTP sends passwords in clear text, so prefer SFTP or SCP over SSH where you can.

Secure transfer - SSH

What to allow

  1. Only the services or users that have permission to log in

What to block

  1. Every single IP that does not have your permission to log in to add or download content, or to hold administrative rights on the server. Easy to block with a hosts.deny file (TCP Wrappers) or with the firewall. Consider also disabling password logins in favour of SSH keys, which takes brute-force guessing off the table even for the IPs you do let in.
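The FTP and SSH sections above both come down to the same rule: a short list of networks that may log in, and everyone else dropped. The script below is an added example covering both sections, not code from the original post. From one policy table it renders the TCP Wrappers hosts.allow / hosts.deny entries and the matching iptables rules, and exposes a permitted() check that applies the same policy in code. The network ranges, service names and ports are assumptions to be replaced with your own.

```python
"""Default-deny remote logins for ssh and ftp from an allow list of networks.

Added example covering both the FTP and SSH sections above; not part of the
original post. From one policy table it renders TCP Wrappers hosts.allow /
hosts.deny entries and iptables rules, and exposes permitted() so the same
policy can be checked in code. The networks, service names and ports are
assumptions; replace them with your own.
"""
import ipaddress

# Assumed policy: which networks may reach which daemon (tcpd service names).
POLICY = {
    "sshd": ["192.0.2.0/24", "198.51.100.10/32"],   # admin office + one jump host
    "vsftpd": ["192.0.2.0/24"],                      # content editors only
}
PORTS = {"sshd": 22, "vsftpd": 21}


def _nets(cidrs):
    # strict=True rejects typos like 192.0.2.5/24 (host bits set) instead of
    # silently widening them to the whole /24.
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def permitted(service, ip, policy=POLICY):
    """True if ip may connect to service; unknown services are denied."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _nets(policy.get(service, [])))


def hosts_allow(policy=POLICY):
    """Render /etc/hosts.allow. tcpd takes IPv4 clients as net/mask pairs."""
    lines = []
    for svc, cidrs in policy.items():
        clients = " ".join(f"{n.network_address}/{n.netmask}" for n in _nets(cidrs))
        lines.append(f"{svc}: {clients}")
    return "\n".join(lines) + "\n"


def hosts_deny():
    """Render /etc/hosts.deny: anything not matched in hosts.allow is refused."""
    return "ALL: ALL\n"


def iptables_rules(policy=POLICY, ports=PORTS):
    """Per service: ACCEPT each allowed network, then DROP everyone else on that port."""
    rules = []
    for svc, cidrs in policy.items():
        port = ports[svc]
        for n in _nets(cidrs):
            rules.append(f"iptables -A INPUT -p tcp --dport {port} -s {n.with_prefixlen} -j ACCEPT")
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    print("# /etc/hosts.allow")
    print(hosts_allow(), end="")
    print("# /etc/hosts.deny")
    print(hosts_deny(), end="")
    print("# firewall")
    print("\n".join(iptables_rules()))
    for svc, ip in [("sshd", "192.0.2.45"), ("sshd", "198.51.100.11"), ("vsftpd", "198.51.100.10")]:
        print(svc, ip, "allowed" if permitted(svc, ip) else "denied")
```

Two caveats when applying the output. hosts.allow and hosts.deny only affect daemons that are linked against libwrap or started through tcpd (OpenSSH dropped libwrap support in 6.7), so the firewall rules are the layer to rely on and the wrapper files are belt and braces; and since hosts.deny says ALL: ALL, every wrapped service you still need must have a line in hosts.allow. For FTP, these rules cover only the control channel on port 21; passive-mode data connections land on high ports and need either the nf_conntrack_ftp helper or a fixed passive port range that is opened the same way.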
