What to you do about Proxy attack?

Status
Not open for further replies.

Zoli

Yellow Belt
Temi, this attack method could do serious demages because the weaker websites can be remove from search engine listings due to the duplicated content. The problem is when a proxy website does not restrict the indexing activity of search engines regarding the proxified content.

How can you protect your website?

You need this code
PHP:
<?php
$ua = $_SERVER['HTTP_USER_AGENT'];
if(stristr($ua, 'msnbot') || stristr($ua, 'Googlebot') || stristr($ua, 'Yahoo! Slurp')){
$ip = $_SERVER['REMOTE_ADDR'];
$hostname = gethostbyaddr($ip);
if(!preg_match("/\.googlebot\.com$/", $hostname) &&!preg_match("/search\.live\.com$/", $hostname) &&!preg_match("/crawl\.yahoo\.net$/", $hostname)) {
$block = TRUE;
header("HTTP/1.0 403 Forbidden");
exit;
} else {
$real_ip = gethostbyname($hostname);
if($ip!= $real_ip){
$block = TRUE;
header("HTTP/1.0 403 Forbidden");
exit;
} else {
$block = FALSE;
}
}
}
?>
included to the very beginning of the script or add this to the .htaccess file as php_value auto_prepend_file value. The code will validate the search bots in accordance with their host, if they try to index the proxified content they will get 403 server error.:rolleyes:
More information about the topic can be found in my earlier blogpost.
 
Status
Not open for further replies.
Top