This software needs an update!
Automatically ban web site hammers!
RADAR™ Referer Spam Protection!
Deny script-kiddie and h4x0r requests!
Send bad bots and spiders packing!
Ban by URL, IP, User Agent, and more!
Protect your valuable server resources for genuine clients..
Anti-Hammer is a php script that runs before your pages do, watching..
As requests arrive, Anti-Hammer checks how long it's been since that client's last request. If a reasonable amount of time has passed, the page is served as usual. But if not, their "Hammer Count" is increased. Oh oh!
When the hammer count reaches preset trigger levels, their hammering is suspended, and instead of the page, they get a cute message (read: warning), and must wait X amount of seconds before trying again.
The more they hammer, the longer they have to wait, incrementally. Simple.
You can even set an absolute cut-off point, beyond which they simply get a blank page, nothing (except a nice 503 response), until their ban lifts (hours later).
Everything is configurable.
Now with Referer Spam and h4x0r Protection!
As well as protecting your site against hammering, Anti-Hammer Pro can deny access to Referer Spammers, Content Scrapers, Script-Kiddies, h4x0rs and more. In addition to the traditional white-list/black-list approach, Anti-Hammer can perform dynamic interrogation of refererring pages, black-listing any referers which don't actually link to your site, white-listing those that do, automatically and instantly.
Anti-Hammer can also deny access to clients making requests to dubious and unimplemented resources, things like
MSOffice/cltreq.asp, and so on; whatever you need.
Why waste even a 404 page on these requests? Especially if you have a clever 404 page, like mine. With Anti-Hammer, you can cut out all the noise, take back your logs and analytics data!
Send Bad Bots and Spiders packing!
Anti-Hammer can also protect your site against known Bad bots and spiders, download engines, site suckers and more. Got yourself a HUGE list of .htaccess ban rules? Or don't have access to your .htaccess? Let Anti-Hammer handle it for you, with simpler syntax and without losing all that Regular Expression magic we know and love.
No Way Around Anti-Hammer!
Anti-Hammer uses its own php-session-like-but-better client tracking mechanism..
This works very like php sessions, except it works for ALL clients, regardless of their advertised capabilities, and works regardless of whether or not they have cookies enabled. Yes! You can even Anti-Hammer the GoogleBot! Not that you would want or need to, it's a rather well-behaved bot.
Rather than wait for some session ID to come back (that would be on the second request, you see, and we haven't even sent one yet), Anti-Hammer uses a mix of available client properties to create a unique client ID there-and-then, and from that point, recognizes the client by this ID (which is an MD5 of all that data concatenated together). It's pretty similar to the way a php_session is created, except Anti-Hammer doesn't need the browser to send anything back.
Anti-Hammer's storage mechanism (a serialized array in a flat file) is the same as a php session, too. And like a php session, it is anonymous; aside from the hammer time info, we store no other data server-side.
Unless you want that..
Anti-Hammer also comes with a mechanism to allow certain bots and other friendly spidering entities (matching specific criteria, including a known IP address/range), usually search engine spiders, to pass clean through Anti-Hammer, if required, or alternatively, allow them a faster hammer rate.
There's also the ability to allow site admins (you and your team) to bypass Anti-Hammer protection, if required. Handy for fast-working devs.
Did I mention everything is configurable?
Running Wordpress, Drupal, Joomla! or something else? Anti-Hammer doesn't care! It protects everything.
Let me tell you a wee story..
A long time ago, I created a super-simple, highly useful web script to display your current external IP Address. Over the years it has picked up quite a few users. Early in 2014 I was looking at extremely high bandwidth usage which couldn't be immediately explained. I looked more closely and started to suspect that my ip script (which bypasses the usual site logging) was the culprit. I had NO IDEA! ..
I added a logging facility to the script and waited. But not for long - the script was getting over two thousand hits per MINUTE. Over three million a day! WTF! This had been going on for a couple of months.
The trouble was, with the simple logging code in-place, the server started having serious problems and had to be temporarily brought offline (while I cleared out all the requests). It turned out that two ISP's were responsible for the onslaught - putting my IP script into their router's firmware, to be checked every thirteen seconds! I contacted them immediately and ended the madness.
The thing is, during the entire time, for months, Anti-Hammer had been dutifully screening all the requests; over three million a day; and hadn't missed a beat.
So there you have it. Anti-Hammer can handle massive amounts of traffic.
Thoroughly tested over years if active development, Anti-Hammer has been subjected to massive onslaughts from misguided nefarious entities without missing a beat! *
*Like when someone mistakenly reported in the Moroccan national press that corz.org was an Israeli site which had been "penetrated" by Arab hackers - in fact, some wannabe h4x0r had taken credit - once again - for installing my joke c99.php. Hugely funny of course, but then came half a million other wannabe h4x0rs trying the exact same thing! They are still at it, years later!
What you get with Anti-Hammer..
All the regular Anti-Hammer goodies, hammer/DOS protection, fully configurable triggers, unstoppable sessions, admin-bypass, bot exemption lists, comprehensive logging and so on.
Responsive Adaptive Dynamic Anti-Referer (RADAR)™ Referer Spam Protection!
Site logs and Analytics filling up with referer spam? Content Scrapers re-purposing your carefully crafted content? Anti-Hammer Pro can not only work with black and white lists of referers, but create them, automatically! with live referer interrogation. RADAR™ is fully configurable, with a range of useful options.
Got nasty h4x0rs trying to load your system password file, admin scripts, dlls.. Stop those wee devils in their tracks!
USER AGENT Protection
Recognize and defeat known bad entities without .htaccess hacking!
IP Address Bans
Faster and simpler than .htaccess hacking - let Anti-Hammer Pro handle your IP Banning needs.
Skip special POST Variables
You can create variables enabling your own back-end scripts to bypass Anti-Hammer Protection - handy for AJAX-heavy sites and other tricks
Configurable Target Data..
You can configure which parts of the client's data to mix into their unique session ID: User Agent, HTTP Accepts, Language, Encoding and other parameters, for whatever reason.
Seo Indexes (duplicate content protection!)
Running before your pages do is a handy place to do some useful things, like transform those nasty duplicate
/index.phplinks into plain SEO-friendly
Thoroughly tested over years if active development, Anti-Hammer has been subjected to massive onslaughts from nefarious entities without missing a beat.
More to come!
You can view the php source code here..
And download a ready-to-go zip package, right here..
click to see zip archive contents
# made with checksum.. point-and-click hashing for windows (64-bit edition). # from corz.org.. http://corz.org/windows/software/checksum/ # #md5#Anti-Hammer.firstname.lastname@example.org:05 100917d4ad069a0e65e053892ae793d1 *Anti-Hammer.zip #sha1#Anti-Hammer.email@example.com:05 4377dab6fb5c72279361b04d66d89c68f1f47503 *Anti-Hammer.zip
If you have any problems at all, installing or using Anti-Hammer, please feel free to leave a comment, or contact me some other way, let me know about it, so I can fix it, thanks!