Havester Effectiveness

Admin32 · Regular Joined: Sep 14, 2003 Posts: 74

Good morning everyone,

I've just finished installing Sentinel on my site, replacing the IP Protector I've been using until now.

First impressions are quite good, so I though I'd give it a try and see how effective it is. I launched a program in attempt to leech my site, expecting Sentinel to catch me and block my IP, but this did not happen.

From what I understand, the havester part of sentinel works by examining the HTTP requests sent from the visitor to the server, and if it sees any information that shows a 'leeching' program (such as the ones in the list of the havester section), it will automatically take action.

The program I used, is called Aeria Leech 3.2, but was not detected by Sentiel. I checked my http logs and here they are :

Code:

212.205.59.20 - - [28/Jul/2004:09:34:21 +0300] "HEAD /themes/smartDark/images/7px.gif HTTP/1.0" 200 0 "-" "-"
212.205.59.20 - - [28/Jul/2004:09:34:21 +0300] "HEAD /themes/smartDark/images/cellpic3.gif HTTP/1.0" 200 0 "-" "-"
212.205.59.20 - - [28/Jul/2004:09:34:21 +0300] "HEAD /pictures/headers/header-left.jpg HTTP/1.0" 200 0 "-" "-"
212.205.59.20 - - [28/Jul/2004:09:34:21 +0300] "HEAD /pictures/headers/header-right.jpg HTTP/1.0" 200 0 "-" "-"
212.205.59.20 - - [28/Jul/2004:09:34:22 +0300] "HEAD /modules.php?name=Alternative_Menu HTTP/1.0" 200 0 "-" "-"
212.205.59.20 - - [28/Jul/2004:09:34:22 +0300] "GET /coolmenu.css HTTP/1.0" 200 4035 "-" "-"
212.205.59.20 - - [28/Jul/2004:09:34:22 +0300] "GET /themes/smartDark/style/style.css HTTP/1.0" 200 4421 "-" "-"
212.205.59.20 - - [28/Jul/2004:09:34:22 +0300] "GET /images/blocks/group-2.gif HTTP/1.0" 200 996 "-" "-"
212.205.59.20 - - [28/Jul/2004:09:34:23 +0300] "GET /images/blocks/group-4.gif HTTP/1.0" 200 996 "-" "-"
212.205.59.20 - - [28/Jul/2004:09:34:23 +0300] "GET /themes/smartDark/images/7px.gif HTTP/1.0" 200 817 "-"

As you can see, there is no information on what agent/program is being used to leech the site, and therefore I gather that Sentiel is unable to successfully 'catch' it.

The older Protector module I used, did in fact have customisable settings such as 'pages per second' and more, to help the system 'find' a leecher according to his download patterns and this did work quite well.

My question is does Sentinell have any such settings to successfully catch leechers or does it only rely on the http requests to stop leechers from abusing our sites?

Thanks for hearing me out! Smile

Raven · Posted: Wed Jul 28, 2004 4:59 am

As we stated before, Sentinel is designed to protect a site from exploitable attacks, like SQL Injections and XSS attacks. We have purposely avoided trying to be an all-in-all to avoid bloat and response degredation. Having said that, we will look into this as a possible functionality for a future version. Thanks!

BTW, your email address is being rejected. Please verify and/or correct it

BobMarion · Posted: Wed Jul 28, 2004 10:22 am

We have considered a "Hammer Protector" but felt it would be too query intense (slowing site load times) and causing a ton of bloat.

Now with that have you noticed how many of the lines from your log have a "Request Method" of HEAD? You can block the use or the HEAD request method by adding it to your "Request Blocker" list.

Admin32 · Regular Joined: Sep 14, 2003 Posts: 74

Thanks for your reply guys,

I'm hoping to see you implement the feture as an additional option for those who are willing to add a small delay on the site's generation time, to save them from having their site leeched and watching that bandwidth meter hit the roof!