XFileSharing Pro - himado.in - they grab movies from XFS - Page 2

Message
Author
adiga
Posts: 177
Joined: Jul 23, 2009 2:27 am

#16 Postby adiga » Jul 30, 2012 2:27 pm

i have to ban upload and download of japan
and addition to ban for some sites IPS

randy
Posts: 321
Joined: Mar 13, 2012 7:00 pm

#17 Postby randy » Jul 30, 2012 6:03 pm

where to put this code in nginx?

amator
Posts: 72
Joined: Dec 01, 2010 6:51 pm

#18 Postby amator » Jul 30, 2012 9:49 pm

trinsic wrote:If you use Nginx you can use valid_referrers:

Code: Select all

location /files/ {
  valid_referers none blocked www.mydomain.com mydomain.com;
 
  if ($invalid_referer) {
    return   403;
  }
}
I guess we can allow only our main domain, and block all the rest? right?

trinsic
Posts: 149
Joined: Dec 21, 2009 9:24 am

#19 Postby trinsic » Jul 30, 2012 11:27 pm

randy wrote:where to put this code in nginx?
Put it in the server section of your config.
amator wrote:
trinsic wrote:If you use Nginx you can use valid_referrers:

Code: Select all

location /files/ {
  valid_referers none blocked www.mydomain.com mydomain.com;
 
  if ($invalid_referer) {
    return   403;
  }
}
I guess we can allow only our main domain, and block all the rest? right?
Yes this blocks any referrer other than your site from accessing the file directly (not your site, just the direct download link). I added a none referrer so some users don't experience problems.

PowerChaos
Posts: 521
Joined: Dec 19, 2009 5:12 pm

#20 Postby PowerChaos » Aug 04, 2012 9:23 pm

well
be smart and use your firewall to block them

a build in firewall is iptables

You can block traffic at both Apache or iptables level. I recommend iptables to save some resources. First, you need to get list of netblocks for each country. Simply visit this page and download IP block files are provided in CIDR format. Use the following shell script:

WARNING!People from other countries may use proxy server or think of spoofing their IP address. In such case, this may not work and it will only protect your box from automated scans or spam.

Code: Select all

#!/bin/bash
### Block all traffic from AFGHANISTAN (af) and CHINA (CN). Use ISO code ###
ISO="af cn"
 
### Set PATH ###
IPT=/sbin/iptables
WGET=/usr/bin/wget
EGREP=/bin/egrep
 
### No editing below ###
SPAMLIST="countrydrop"
ZONEROOT="/root/iptables"
DLROOT="http://www.ipdeny.com/ipblocks/data/countries"
 
cleanOldRules(){
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
}
 
# create a dir
[ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT
 
# clean old rules
cleanOldRules
 
# create a new iptables list
$IPT -N $SPAMLIST
 
for c  in $ISO
do
	# local zone file
	tDB=$ZONEROOT/$c.zone
 
	# get fresh zone file
	$WGET -O $tDB $DLROOT/$c.zone
 
	# country specific log message
	SPAMDROPMSG="$c Country Drop"
 
	# get 
	BADIPS=$(egrep -v "^#|^$" $tDB)
	for ipblock in $BADIPS
	do
	   $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
	   $IPT -A $SPAMLIST -s $ipblock -j DROP
	done
done
 
# Drop everything 
$IPT -I INPUT -j $SPAMLIST
$IPT -I OUTPUT -j $SPAMLIST
$IPT -I FORWARD -j $SPAMLIST
 
# call your other iptable script
# /path/to/other/iptables.sh
 
exit 0
Save above script as root user and customize ISO variable to point out country name using ISO country names. Once done install the script as follows using crontab:

Code: Select all

@weekly /path/to/country.block.iptables.sh
To start blocking immediately type:

Code: Select all

# /path/to/country.block.iptables.sh
And you are done with blocking the whole country from your server.

Greetings From PowerChaos

trinsic
Posts: 149
Joined: Dec 21, 2009 9:24 am

#21 Postby trinsic » Aug 04, 2012 10:18 pm

Sorry but I'm not willing to block an entire country just because one website was abusing resources.

PowerChaos
Posts: 521
Joined: Dec 19, 2009 5:12 pm

#22 Postby PowerChaos » Aug 05, 2012 11:38 am

You can also use iptables to block ip's
or to block specific websites ( also called ip's )

if you want to do it on a easy way
download this program

http://configserver.com/cp/csf.html

it let you easy configure your firewall and got a web interface ( ssl needed )
else you just need to edit a config file and you can add certain ip's and it also block mass connections

Greetings From PowerChaos