Network Security: Detailed info on Re: Hit Throttling

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: Hit Throttling - Content Theft Prevention

from [Kurt Seifried] Network Security

[Permanent Link]

Subject:	Re: Hit Throttling - Content Theft Prevention
Date:	Wed, 19 Oct 2005 04:11:56 -0600

If their is anything worth harvesting off the site that is publicly
available and one blocks the IP address Google cache is always an
option.
Hidden links in white text: What will happen if a legitimate spider
such as Google (again) comes across this link? shall they be blocked
also. Is that what you want to do?

Google is easy to deal with since they are well behaved (in my experience with a site that has over 100,000 pages google is the best to index timely and sanely without bringing my servers to their knees). google cache can be disabled in the document with a directive. Google uses a well known user agent that can be white listed (but wait.. wouldn't this cause attackers to use the same user agent....) and they also come (for my site anyways) from a few well defined class C's. Whitelisting legitimate crawlers isn't to hard (user agent string, network blocks, reverse DNS, etc.).

-Eoin

-Kurt

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Hit Throttling - Content Theft Prevention, Nik Cubrilovic Re: Hit Throttling - Content Theft Prevention, Kurt Seifried Re: Hit Throttling - Content Theft Prevention, Nik Cubrilovic Re: Hit Throttling - Content Theft Prevention, Peter Conrad Re: Hit Throttling - Content Theft Prevention, Eoin Keary Re: Hit Throttling - Content Theft Prevention, Kurt Seifried <= Re: Hit Throttling - Content Theft Prevention, Steve Shah Message not available Re: Hit Throttling - Content Theft Prevention, focus Re: Hit Throttling - Content Theft Prevention, Nik Cubrilovic Re: Hit Throttling - Content Theft Prevention, WebAppSec

Previous by Date:	Re: Hit Throttling - Content Theft Prevention, Eoin Keary
Next by Date:	Re: Hit Throttling - Content Theft Prevention, WebAppSec
Previous by Thread:	Re: Hit Throttling - Content Theft Prevention, Eoin Keary
Next by Thread:	Re: Hit Throttling - Content Theft Prevention, Steve Shah
Indexes:	[Date] [Thread] [Top] [All Lists]