wtf? ddos help me^^

[Артёмка]

Приветствую, сам новичок в делах защиты от ддоса , прошу совета :

идет ддос, в логах:

лог

93.180.197.11 - - [12/Nov/2011:15:52:23 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
46.146.104.132 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
46.146.104.132 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
195.20.125.11 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
195.20.125.11 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
178.215.115.45 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
178.215.115.45 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
89.178.36.129 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
89.178.36.129 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
46.146.181.116 - - [12/Nov/2011:15:52:23 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
109.111.131.63 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
109.111.131.63 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
195.191.246.1 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
195.191.246.1 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
95.52.134.232 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
95.52.134.232 - - [12/Nov/2011:15:52:22 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
178.47.211.12 - - [12/Nov/2011:15:52:23 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
178.47.211.12 - - [12/Nov/2011:15:52:23 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
109.70.184.146 - - [12/Nov/2011:15:52:23 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
109.70.184.146 - - [12/Nov/2011:15:52:23 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"
93.175.207.239 - - [12/Nov/2011:15:52:23 +0300] "GET /index.php HTTP/1.1" 403 162 "-" "Mozilla/3.0 (compatible; Indy Library)" "-"

даг что мне не понятно , список ипов вида:
95.*.*.*
93.*.*.*
91.*.*.*
84.*.*.*
46.*.*.*
*.*.* - разные цифры
и так далее , отловил ~7к ипов
1 ип = 1 соединение , бывает 2-3
что мне не понятно, это что такой за ддос и ваще ддос ли с разных сеток? к чему я это...на мой говно проект только дурак будет тратить деньги на ддос, т.к тут я так понимаю заражены сетки либо я херни несу?
сайт на вдс, хостер ваще не шарящий так что спросить не у кого.
и еще вопрос:
иптаблес бывает орет при добавление новых ипов в бан:
iptables: Unknown error 18446744073709551615
что значит кто нибудь в курсе? переполнен? или какое то ограничение на вдс?

[Deron]

Защита тока Iptables или еще что то?

[Артёмка]

да какбе иптаблес тут и не помогает , отбиваю другими методами

[Dizband]

Грепать по браузеру и сносить, если не рандомый. И естественно использовать ipset, не грузите iptables.

[Aquanox]

inside .htaccess or apache configuration

Код:

BrowserMatch "(compatible; Indy Library)" indy_library
Deny from env=indy_library

Если есть mod_rewrite

Код:

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} Indy*
RewriteRule (.*) - [F]

нагуглил за 1 клик

http://www.phpbbguru.net/community/topic5760.html

Код:

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]

[Артёмка]

забейте я не много не о том хотел спросить, как защитится я и так в курсе