Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 28 Aug 2017, 09:57
the one the one is offline
 
Join Date: Nov 2013
Real name: malcolm
How can I block traffic FROM Amazon Technologies

I am aware that Amazon now make available a complete list of their IP address blocks in JSON format here https://ip-ranges.amazonaws.com/ip-ranges.json


I have been told that you can use that to create rules to block all of those addresses.Now i am not really any good at this so this is my question.

What would i do with that would i copy it and add it in my CSF in WHM and if so can someone tell me where i put that or how do i create the rules block.

Many thanks.

Malc
Reply With Quote
  #2  
Old 28 Aug 2017, 12:50
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Real name: Simon
You could ban their useragent string using this https://www.vbulletin.org/forum/showthread.php?t=268208 or Ban IPs using this https://www.vbulletin.org/forum/showthread.php?t=268147 no rules needed
__________________
Kind regards,
Simon Microsoft Office Help
My Mods: Find my modifications here
Please do not pm me for support unless i have invited you to!
Reply With Quote
  #3  
Old 29 Aug 2017, 08:10
the one the one is offline
 
Join Date: Nov 2013
Real name: malcolm
I dont fancy banning the ip individually that would take forever and i would do that at the server end.

I also have that plugin for bots installed on my forum and it bans most bots but for some reason it does not work on amazonaws.

Anyway thanks for the advice.I did do a thread here https://www.vbulletin.org/forum/showthread.php?t=323511 but only a few work arounds

cheers
Reply With Quote
  #4  
Old 29 Aug 2017, 08:25
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Real name: Simon
The bot blocker does do the Amazonaws but you need to find the correct useragent, so you'd need to block amazonaws.com, ia_archiver, alexa.com (unless you use Alexa for your web analysis), softlayer.com, scaleway.com and there are a few more, but the best way is to view your Who's Online page with useragent showing and copy the amazonaws strings in to the list in the mod then they are gone forever

--------------- Added 29 Aug 2017 at 08:33 ---------------

As an added, use the tools I provide links to in the ban spider mod page and analyse the user agent string as it may turn out that that they have other associated and the one displaying is just a fašade.
__________________
Kind regards,
Simon Microsoft Office Help
My Mods: Find my modifications here
Please do not pm me for support unless i have invited you to!
Reply With Quote
  #5  
Old 29 Aug 2017, 19:56
the one the one is offline
 
Join Date: Nov 2013
Real name: malcolm
Thanks simon so if i see this

ec2-52-89-87-158.us-west-2.compute.amazonaws.com

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36


Do i put this Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36 in the ban spider

Many thanks
Reply With Quote
  #6  
Old 30 Aug 2017, 18:56
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Real name: Simon
Yes exactly that, you have to remember that Amazonaws isn't actually amazon but just rented space to others by them.

This part ec2-52-89-87-158.us-west-2.compute.amazonaws.com is just what the IP address resolves to and you see it as admin.

Hope that helps
__________________
Kind regards,
Simon Microsoft Office Help
My Mods: Find my modifications here
Please do not pm me for support unless i have invited you to!
Reply With Quote
  #7  
Old 02 Sep 2017, 13:56
the one the one is offline
 
Join Date: Nov 2013
Real name: malcolm
Originally Posted by Simon Lloyd View Post
Yes exactly that, you have to remember that Amazonaws isn't actually amazon but just rented space to others by them.

This part ec2-52-89-87-158.us-west-2.compute.amazonaws.com is just what the IP address resolves to and you see it as admin.

Hope that helps
Thanks buddy

So this agent Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

If i put that in the ban list it wont stop normal members viewing the forum.

Cheers once again
Reply With Quote
  #8  
Old 02 Sep 2017, 14:24
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
People who still use version 41.0.2228.0 of Chrome will not be able to use the forum if you ban that useragent.
It's very unlikely people still use that version since we're at version 60 now though.
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.
Reply With Quote
  #9  
Old 06 Sep 2017, 17:50
Stratis's Avatar
Stratis Stratis is offline
 
Join Date: Jan 2010
Real name: Stratis
This I use in a file .htaccess


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

When I see some new IP, I put that in the file. I have many months to see them again.
Reply With Quote
  #10  
Old 07 Sep 2017, 19:00
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Real name: Simon
Originally Posted by Dave View Post
People who still use version 41.0.2228.0 of Chrome will not be able to use the forum if you ban that useragent.
It's very unlikely people still use that version since we're at version 60 now though.
Hi Dave, it wont ban just that version of Chrome, it will only ban any user with that entire user agent string, so no worries if there are some dinosaurs still using that version of Chrome

--------------- Added 07 Sep 2017 at 19:01 ---------------

Originally Posted by Stratis View Post
This I use in a file .htaccess


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

When I see some new IP, I put that in the file. I have many months to see them again.
You shouldn't have a large .htaccess file as it can lead to a greater use of resources which in turn could slow the experience for real users.

--------------- Added 07 Sep 2017 at 19:02 ---------------

Originally Posted by the one View Post
Thanks buddy

So this agent Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

If i put that in the ban list it wont stop normal members viewing the forum.

Cheers once again
No it wont, it will prevent users that have that exact user agent string (which appears to be a modified one) from entering your site.
__________________
Kind regards,
Simon Microsoft Office Help
My Mods: Find my modifications here
Please do not pm me for support unless i have invited you to!
Reply With Quote
  #11  
Old 08 Sep 2017, 09:12
Stratis's Avatar
Stratis Stratis is offline
 
Join Date: Jan 2010
Real name: Stratis
Originally Posted by Simon Lloyd
You shouldn't have a large .htaccess file as it can lead to a greater use of resources which in turn could slow the experience for real users.
Here is a small point, it is better stopping all of them that actually take more resources when they are in my site. Thanks
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 09:03.

Layout Options | Width: Wide Color: