Reputation: 3158
Protecting my website from being "included"?
I have a website that provides whois information. How can I prevent that other websites use that information as a service? (using includes, string manipulation or whatever)
And if this is not possible, how can I tell which websites are using/including that information?
Upvotes: 3
Views: 105
Answers (4)
Reputation: 2650
I take it your own website responds to WHOIS queries, delivering the information to clients/users (although you were ambiguous and may just be referring to your own whois entry, in which case you need a domain registration proxy).
The solution, then, is simple. Just limit the rate at which any IP address can make a query. Make it something that a normal user will likely never hit, but that a web site could not possibly operate with. Maybe one request every 5 (or whatever) seconds is a good place to start. Tighten the limit if you, for some reason, have problems.
Even if it doesn't stop a website from pumping your API, it will slow them down so the strain on your server is negligible.
This can be used in addition to a daily limit and a modicum amount of log inspection. Manually ban IPs with suspicious activity and/or get some log monitoring software.
Upvotes: 3
Reputation: 24579
When somebody "scrapes" your website, they usually do it via automation. This will show in your server logs as thousands of requests from a single IP address. The solution is to maintain a blacklist of IP addresses that are banned from accessing your site or throttle the maximum requests from that IP address per day.
There are a few tools out there which will watch your logs and alert you to suspicious activity. These are a few I found with a Google search:
Upvotes: 1
Reputation: 2903
You can't really block them automatically as far as I know, but you can prevent this manually.
Check for the IP's of the requests, and block the IP's that makes lots of requests in short time periods, which means it can't be a standart user.
Upvotes: 0
Reputation: 629
Unless you want to deny services to your users or play the cat and mouse game, no.
Upvotes: 0
Related Questions
- How to prevent direct access to php pages through URL
- What's the best way to only allow a PHP file to be included?
- Block other websites from being used
- Securing PHP website to restrain opening it on other domains
- How can I prevent access to my PHP include files like header.php, footer.php and the likes?
- Avoid other websites query my file.php
- How can I prevent "include files" from being seen by users?
- How can I protect my included php files from direct access?
- How can I protect my site from being leeched?