Automatically ban web site hammers!
RADAR™ Referer Spam Protection!
Deny script-kiddie and h4x0r requests!
Send bad bots and spiders packing!
Ban by URL, IP, User Agent, and more!
Protect your valuable server resources for genuine clients..
Anti-Hammer is a php script that runs before your pages do, watching..
As requests arrive, Anti-Hammer checks how long it's been since that client's last request. If a reasonable amount of time has passed, the page is served as usual. But if not, their "Hammer Count" is increased. Oh oh!
When the hammer count reaches preset trigger levels, their hammering is suspended, and instead of the page, they get a cute message (read: warning), and must wait X amount of seconds before trying again.
The more they hammer, the longer they have to wait, incrementally. Simple.
You can even set an absolute cut-off point, beyond which they simply get a blank page, nothing (except a nice 503 response), until their ban lifts (hours later).
Everything is configurable.
Now with Referer Spam and h4x0r Protection!
As well as protecting your site against hammering, Anti-Hammer Pro can deny access to Referer Spammers, Content Scrapers, Script-Kiddies, h4x0rs and more. In addition to the traditional white-list/black-list approach, Anti-Hammer can perform dynamic interrogation of refererring pages, black-listing any referers which don't actually link to your site, white-listing those that do, automatically and instantly.
Anti-Hammer can also deny access to clients making requests to dubious and unimplemented resources, things like
MSOffice/cltreq.asp, and so on; whatever you need.
Why waste even a 404 page on these requests? Especially if you have a clever 404 page, like mine. With Anti-Hammer, you can cut out all the noise, take back your logs and analytics data!
Send Bad Bots and Spiders packing!
Anti-Hammer can also protect your site against known Bad bots and spiders, download engines, site suckers and more. Got yourself a HUGE list of .htaccess ban rules? Or don't have access to your .htaccess? Let Anti-Hammer handle it for you, with simpler syntax and without losing all that Regular Expression magic we know and love.
No Way Around Anti-Hammer!
Anti-Hammer uses its own php-session-like-but-better client tracking mechanism..
This works very like php sessions, except it works for ALL clients, regardless of their advertised capabilities, and works regardless of whether or not they have cookies enabled. Yes! You can even Anti-Hammer the GoogleBot! Not that you would want or need to, it's a rather well-behaved bot.
Rather than wait for some session ID to come back (that would be on the second request, you see, and we haven't even sent one yet), Anti-Hammer uses a mix of available client properties to create a unique client ID there-and-then, and from that point, recognizes the client by this ID (which is an MD5 of all that data concatenated together). It's pretty similar to the way a php_session is created, except Anti-Hammer doesn't need the browser to send anything back.
Anti-Hammer's storage mechanism (a serialized array in a flat file) is the same as a php session, too. And like a php session, it is anonymous; aside from the hammer time info, we store no other data server-side.
Unless you want that..
Anti-Hammer also comes with a mechanism to allow certain bots and other friendly spidering entities (matching specific criteria, including a known IP address/range), usually search engine spiders, to pass clean through Anti-Hammer, if required, or alternatively, allow them a faster hammer rate.
There's also the ability to allow site admins (you and your team) to bypass Anti-Hammer protection, if required. Handy for fast-working devs.
Did I mention everything is configurable?
Running Wordpress, Drupal, Joomla! or something else? Anti-Hammer doesn't care! It protects everything.
Let me tell you a wee story..
A long time ago, I created a super-simple, highly useful web script to display your current external IP Address. Over the years it has picked up quite a few users. Early in 2014 I was looking at extremely high bandwidth usage which couldn't be immediately explained. I looked more closely and started to suspect that my ip script (which bypasses the usual site logging) was the culprit. I had NO IDEA! ..
I added a logging facility to the script and waited. But not for long - the script was getting over two thousand hits per MINUTE. Over three million a day! WTF! This had been going on for a couple of months.
The trouble was, with the simple logging code in-place, the server started having serious problems and had to be temporarily brought offline (while I cleared out all the requests). It turned out that two ISP's were responsible for the onslaught - putting my IP script into their router's firmware, to be checked every thirteen seconds! I contacted them immediately and ended the madness.
The thing is, during the entire time, for months, Anti-Hammer had been dutifully screening all the requests; over three million a day; and hadn't missed a beat.
So there you have it. Anti-Hammer can handle massive amounts of traffic.
Thoroughly tested over years if active development, Anti-Hammer has been subjected to massive onslaughts from misguided nefarious entities without missing a beat! *
*Like when someone mistakenly reported in the Moroccan national press that corz.org was an Israeli site which had been "penetrated" by Arab hackers - in fact, some wannabe h4x0r had taken credit - once again - for installing my joke c99.php. Hugely funny of course, but then came half a million other wannabe h4x0rs trying the exact same thing! They are still at it, years later!
Anti-Hammer provides powerful protection for your site. It's what I use here at corz.org (what kept the .org up during that fiasco with the Moroccan national press!) and with your support, plan to keep making it better for many years to come.
Anti-Hammer comes in two flavours, FREE and Pro. The Pro version can do everything the free version can, and then some..
If you really must, you can test it here at corz.org, preferably some low content page, like this specially designed..