|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Need to block Web Spider software like Teleport proRecently our website crashed due to malicious activities by a stranger by using web spider software Teleport pro. Teleport Pro is the software that does this web capture activity, the client that was repeatedly hitting us every few seconds with the ‘web capture’ and ultimately caused for the web server crashes. I did some research on how to block web spider software like Teleport pro. I couldn’t find any effective way to block it as it works like a browser and does the trick with HTTP functions. One way to block such activities is by blocking IP address, the way which we did. Yes, if they start it from another IP address again we will be in trouble. So blocking IP address is just a temporary solution. I would like to know an effective way to prevent such software from spidering my site and making the content available off line. Can anyone provide some ideas to block such software activities? Is there any patch, method to block it with in IIS? There are some software available to protect the content that capable to block Teleport pro , The one is TagsLock, http://www.tagslock.com/tagslock_pro.htm . But I am not sure how efficient this software and how it works. Did anyone tested it and give me the opinion? Is that cause to decrease the performance? Ultimately I want a solution to block similar software activities in an effective way and any advice from anyone would be grateful. Thanks, Rijesh.
Show quote
Hide quote
"Rijesh" <Rij***@discussions.microsoft.com> wrote in message Because it has this feature:news:DA560DB6-C7B5-4F09-9927-D1076DD0816A@microsoft.com... > Hi, > > Recently our website crashed due to malicious activities by a stranger by > using web spider software Teleport pro. Teleport Pro is the software that > does this web capture activity, the client that was repeatedly hitting us > every few seconds with the 'web capture' and ultimately caused for the web > server crashes. > > I did some research on how to block web spider software like Teleport pro. I > couldn't find any effective way to block it as it works like a browser and > does the trick with HTTP functions. One way to block such activities is by > blocking IP address, the way which we did. Yes, if they start it from another > IP address again we will be in trouble. So blocking IP address is just a > temporary solution. > > I would like to know an effective way to prevent such software from > spidering my site and making the content available off line. Can anyone > provide some ideas to block such software activities? Is there any patch, > method to block it with in IIS? > > There are some software available to protect the content that capable to > block Teleport pro , The one is TagsLock, > http://www.tagslock.com/tagslock_pro.htm . But I am not sure how efficient > this software and how it works. Did anyone tested it and give me the opinion? > Is that cause to decrease the performance? > > Ultimately I want a solution to block similar software activities in an > effective way and any advice from anyone would be grateful. "Configurable Agent Identity allows Teleport Pro to impersonate popular browsers; gets data from even the stingiest servers" it doesn't appear that you can do anything about it, other than monitor and block IP addresses. Why is your server crashing though? That shouldn't happen ... -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS Our server has VCMS plug-in configured, so each time webserver checks the URL
though plug-in and eventually i think the plug-in cause the problem. Not sure why? Thanks, Rijesh. Show quoteHide quote "Tom Kaminski [MVP]" wrote: > "Rijesh" <Rij***@discussions.microsoft.com> wrote in message > news:DA560DB6-C7B5-4F09-9927-D1076DD0816A@microsoft.com... > > Hi, > > > > Recently our website crashed due to malicious activities by a stranger by > > using web spider software Teleport pro. Teleport Pro is the software that > > does this web capture activity, the client that was repeatedly hitting us > > every few seconds with the 'web capture' and ultimately caused for the web > > server crashes. > > > > I did some research on how to block web spider software like Teleport pro. > I > > couldn't find any effective way to block it as it works like a browser and > > does the trick with HTTP functions. One way to block such activities is by > > blocking IP address, the way which we did. Yes, if they start it from > another > > IP address again we will be in trouble. So blocking IP address is just a > > temporary solution. > > > > I would like to know an effective way to prevent such software from > > spidering my site and making the content available off line. Can anyone > > provide some ideas to block such software activities? Is there any patch, > > method to block it with in IIS? > > > > There are some software available to protect the content that capable to > > block Teleport pro , The one is TagsLock, > > http://www.tagslock.com/tagslock_pro.htm . But I am not sure how efficient > > this software and how it works. Did anyone tested it and give me the > opinion? > > Is that cause to decrease the performance? > > > > Ultimately I want a solution to block similar software activities in an > > effective way and any advice from anyone would be grateful. > > Because it has this feature: > > "Configurable Agent Identity allows Teleport Pro to impersonate popular > browsers; gets data from even the stingiest servers" > > it doesn't appear that you can do anything about it, other than monitor and > block IP addresses. Why is your server crashing though? That shouldn't > happen ... > > -- > Tom Kaminski IIS MVP > http://www.microsoft.com/windowsserver2003/community/centers/iis/ > http://mvp.support.microsoft.com/ > http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS > > > What is Configurable Agent Identity?
Show quoteHide quote "Tom Kaminski [MVP]" wrote: > "Rijesh" <Rij***@discussions.microsoft.com> wrote in message > news:DA560DB6-C7B5-4F09-9927-D1076DD0816A@microsoft.com... > > Hi, > > > > Recently our website crashed due to malicious activities by a stranger by > > using web spider software Teleport pro. Teleport Pro is the software that > > does this web capture activity, the client that was repeatedly hitting us > > every few seconds with the 'web capture' and ultimately caused for the web > > server crashes. > > > > I did some research on how to block web spider software like Teleport pro. > I > > couldn't find any effective way to block it as it works like a browser and > > does the trick with HTTP functions. One way to block such activities is by > > blocking IP address, the way which we did. Yes, if they start it from > another > > IP address again we will be in trouble. So blocking IP address is just a > > temporary solution. > > > > I would like to know an effective way to prevent such software from > > spidering my site and making the content available off line. Can anyone > > provide some ideas to block such software activities? Is there any patch, > > method to block it with in IIS? > > > > There are some software available to protect the content that capable to > > block Teleport pro , The one is TagsLock, > > http://www.tagslock.com/tagslock_pro.htm . But I am not sure how efficient > > this software and how it works. Did anyone tested it and give me the > opinion? > > Is that cause to decrease the performance? > > > > Ultimately I want a solution to block similar software activities in an > > effective way and any advice from anyone would be grateful. > > Because it has this feature: > > "Configurable Agent Identity allows Teleport Pro to impersonate popular > browsers; gets data from even the stingiest servers" > > it doesn't appear that you can do anything about it, other than monitor and > block IP addresses. Why is your server crashing though? That shouldn't > happen ... > > -- > Tom Kaminski IIS MVP > http://www.microsoft.com/windowsserver2003/community/centers/iis/ > http://mvp.support.microsoft.com/ > http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS > > > There's a user agent string that gets sent by a web browser that identifies
the browser type and version as well as client OS. Teleport pro can be configured to send any user agent info you desire so it appears to be just another browser. Show quoteHide quote "Rijesh" <Rij***@discussions.microsoft.com> wrote in message news:62CFCECA-99E4-46C6-97AA-C01EDB0054D9@microsoft.com... > What is Configurable Agent Identity? > > "Tom Kaminski [MVP]" wrote: > >> "Rijesh" <Rij***@discussions.microsoft.com> wrote in message >> news:DA560DB6-C7B5-4F09-9927-D1076DD0816A@microsoft.com... >> > Hi, >> > >> > Recently our website crashed due to malicious activities by a stranger >> > by >> > using web spider software Teleport pro. Teleport Pro is the software >> > that >> > does this web capture activity, the client that was repeatedly hitting >> > us >> > every few seconds with the 'web capture' and ultimately caused for the >> > web >> > server crashes. >> > >> > I did some research on how to block web spider software like Teleport >> > pro. >> I >> > couldn't find any effective way to block it as it works like a browser >> > and >> > does the trick with HTTP functions. One way to block such activities is >> > by >> > blocking IP address, the way which we did. Yes, if they start it from >> another >> > IP address again we will be in trouble. So blocking IP address is just >> > a >> > temporary solution. >> > >> > I would like to know an effective way to prevent such software from >> > spidering my site and making the content available off line. Can anyone >> > provide some ideas to block such software activities? Is there any >> > patch, >> > method to block it with in IIS? >> > >> > There are some software available to protect the content that capable >> > to >> > block Teleport pro , The one is TagsLock, >> > http://www.tagslock.com/tagslock_pro.htm . But I am not sure how >> > efficient >> > this software and how it works. Did anyone tested it and give me the >> opinion? >> > Is that cause to decrease the performance? >> > >> > Ultimately I want a solution to block similar software activities in an >> > effective way and any advice from anyone would be grateful. >> >> Because it has this feature: >> >> "Configurable Agent Identity allows Teleport Pro to impersonate popular >> browsers; gets data from even the stingiest servers" >> >> it doesn't appear that you can do anything about it, other than monitor >> and >> block IP addresses. Why is your server crashing though? That shouldn't >> happen ... >> >> -- >> Tom Kaminski IIS MVP >> http://www.microsoft.com/windowsserver2003/community/centers/iis/ >> http://mvp.support.microsoft.com/ >> http://www.iistoolshed.com/ - tools, scripts, and utilities for running >> IIS >> >> >> Currently the Teleport Pro have user agent label "Teleport Pro/1.29.1718â€, so
how do I block access on the server level, if user agent is above? I know it is not feasible, but it would be an approach towards blocking of such browser access. Apache have directive to control access based on user agent, but I don't find anything in IIS. Some times these type requirement are very much needed. Thanks, Rijesh. Show quoteHide quote "Tom Kaminski [MVP]" wrote: > There's a user agent string that gets sent by a web browser that identifies > the browser type and version as well as client OS. Teleport pro can be > configured to send any user agent info you desire so it appears to be just > another browser. > > "Rijesh" <Rij***@discussions.microsoft.com> wrote in message > news:62CFCECA-99E4-46C6-97AA-C01EDB0054D9@microsoft.com... > > What is Configurable Agent Identity? > > > > "Tom Kaminski [MVP]" wrote: > > > >> "Rijesh" <Rij***@discussions.microsoft.com> wrote in message > >> news:DA560DB6-C7B5-4F09-9927-D1076DD0816A@microsoft.com... > >> > Hi, > >> > > >> > Recently our website crashed due to malicious activities by a stranger > >> > by > >> > using web spider software Teleport pro. Teleport Pro is the software > >> > that > >> > does this web capture activity, the client that was repeatedly hitting > >> > us > >> > every few seconds with the 'web capture' and ultimately caused for the > >> > web > >> > server crashes. > >> > > >> > I did some research on how to block web spider software like Teleport > >> > pro. > >> I > >> > couldn't find any effective way to block it as it works like a browser > >> > and > >> > does the trick with HTTP functions. One way to block such activities is > >> > by > >> > blocking IP address, the way which we did. Yes, if they start it from > >> another > >> > IP address again we will be in trouble. So blocking IP address is just > >> > a > >> > temporary solution. > >> > > >> > I would like to know an effective way to prevent such software from > >> > spidering my site and making the content available off line. Can anyone > >> > provide some ideas to block such software activities? Is there any > >> > patch, > >> > method to block it with in IIS? > >> > > >> > There are some software available to protect the content that capable > >> > to > >> > block Teleport pro , The one is TagsLock, > >> > http://www.tagslock.com/tagslock_pro.htm . But I am not sure how > >> > efficient > >> > this software and how it works. Did anyone tested it and give me the > >> opinion? > >> > Is that cause to decrease the performance? > >> > > >> > Ultimately I want a solution to block similar software activities in an > >> > effective way and any advice from anyone would be grateful. > >> > >> Because it has this feature: > >> > >> "Configurable Agent Identity allows Teleport Pro to impersonate popular > >> browsers; gets data from even the stingiest servers" > >> > >> it doesn't appear that you can do anything about it, other than monitor > >> and > >> block IP addresses. Why is your server crashing though? That shouldn't > >> happen ... > >> > >> -- > >> Tom Kaminski IIS MVP > >> http://www.microsoft.com/windowsserver2003/community/centers/iis/ > >> http://mvp.support.microsoft.com/ > >> http://www.iistoolshed.com/ - tools, scripts, and utilities for running > >> IIS > >> > >> > >> > > > "Rijesh" <Rij***@discussions.microsoft.com> wrote in message How about URLScan and the [DenyHeaders] section?news:D1FAF495-F159-4C94-BDAB-A0CE29C486EE@microsoft.com... > Currently the Teleport Pro have user agent label "Teleport Pro/1.29.1718", > so > how do I block access on the server level, if user agent is above? I know > it > is not feasible, but it would be an approach towards blocking of such > browser > access. Apache have directive to control access based on user agent, but I > don't find anything in IIS. Some times these type requirement are very > much > needed. http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;326444 -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS 
Other interesting topics
IIS 6 conflict using port 443 for NON-SSL traffic
IIS Challenge for Password. WinXP authenticates differently than Win2k. How to tell if IIS lockdown Tool is installed? Intranet problem - 404 and 405 errors IIS6, WIN2k3SP1 and integrated authentication Failure posting files to iis6.0 using ssl client authentication URLScan as an attack vector? Anonymous access Security concern in event viewer request certificate immediately |
|||||||||||||||||||||||
