WordPress.org


can't block an IP....please help!!! (75 posts)

  1. Kahil
    Member
    Posted 8 years ago #

    I have added the following to my htaccess file to block a certain IP address that is spamming my site and running up my bandwidth...

    order allow,deny
    deny from 72.36.244.195
    allow from all

    this has and is working for other IP addresses, but for some reason that IP address won't stop, it is getting through somehow... it leaves a referer of http://mykahil.com:80/guestbook/? and is trying to go to the same page over and over again... this page does not exist and all you'll get is my 404 error page...

    How can I block this IP?

    Thank you,

    Kahil

  2. Mark (podz)
    Support Maven
    Posted 8 years ago #

    Still happening?

    First thing I'd do is change your 404
    It will have less bandwidth impact if it's the default server page rather than loading images.

    Second - tried Bad-Behaviour?

    There is probably a way using the referrer info but I've forgotten it... I'll see what I can find.

  3. IIIIIIIV
    Member
    Posted 8 years ago #

    Third and best way - contact your host and get them to ban this guy at the server level. Works every time. :)

  4. Kahil
    Member
    Posted 8 years ago #

    yeah, i can't use the bad behavior plugin because of my host... i tried and bad behavior even blocked me from my own site...

    how do i change my 404? cause i've tried changing it up and even deleting it. deleting it will take you to the home page no matter what you put in there that is incorrect...

    thank you,

    Kahil

  5. Kahil
    Member
    Posted 8 years ago #

    and the thing is, it's not always just from a single IP. my htaccess file has over 50 of them. the only thing they seem to have in common is that they are on foreign networks (RIPE, Latin America, Asia/Pacific, etc)

  6. Kahil
    Member
    Posted 8 years ago #

    yeah, i just checked again and somehow many of these IP addresses are getting past the whole htaccess thing...

  7. whooami
    Member
    Posted 8 years ago #

    kahil,

    if your .htaccess is done properly they shouldnt be able to. sounds like something is done correctly...

  8. davidchait
    Member
    Posted 8 years ago #

    can you post some relevant web log entries, so we can see exactly what's going on? possible that something like CG-Referrer might be able to just bounce the guy in PHP, but if you can use an htaccess-based referrer it'll be a much lower resource hit.

    I've been hit by torrential trackback spamming attempts recently, and while my new CG-Referrer is intercepting and blocking them, it's a love-hate relationship: it costs more in resources, but I get to log the attempts... Then again, the server logs should log an attempt that is htaccess-blocked, so that'd be good for most folks.

    -d

  9. whooami
    Member
    Posted 8 years ago #

    oops typo (in)correctly

  10. Kahil
    Member
    Posted 8 years ago #

    well... you can go here and see...

    http://mykahil.com/.htaccess

    72.36.244.195 and 81.177.0.130 keep getting through... and others are starting to as well... is this happening to anyone else? I just can't see so many IP addresses from all the different foreign networks happening to just me...

    i can't figure out what is wrong with my .htaccess file. everywhere i've looked and everyone i've asked tells me to format it the same way...

  11. IIIIIIIV
    Member
    Posted 8 years ago #

    Not quite related but,

    Most of the robots you are blocking with the env matching rules obey robots.txt.

    Related, that .htaccess looks OK to me.

  12. whooami
    Member
    Posted 8 years ago #

    ok, well for starters :) your usage of * for matching wildcards is incorrect.

    And yes, I see that the codex suggests otherwise. Its wrong as well.

    I wanted to make sure I wasnt thinking of something else so I doublechecked the apache docs for mod_access

    The correct way to handle :

    deny from 72.36.244.*

    is like so:

    deny from 72.36.244

    Fix those instances where you used the asterisk and see if those IPs stop getting through.

    ---

    http://httpd.apache.org/docs/1.3/mod/mod_access.html

    # Might be a good idea if info on the codex was proofed occasionally for accuracy.

    ---

    Also, make sure that your original .htaccess does not have any hidden tabs in it. It's common to see that if someone is doing editing in the cough*wrong*cough word processing application. I didn't find any in your posted version but ya never know.

  13. Kahil
    Member
    Posted 8 years ago #

    IIIIIIIV: Those robots are only there because they weren't following my robots.txt file. Never once did they visit that file, otherwise they wouldn't have gone further. Also, they were visiting pages that didn't exist and never once did. They were visiting and crawling non-stop, including the supposed good google bot...

    Whooami: OK, I'll try that for my .htaccess file. but what I don't understand is that the ones I tried the wildcard for are ones that the whole IP address was already there and they were getting through somehow...

    Thank you

  14. Kahil
    Member
    Posted 8 years ago #

    OK, i fixed the wildcard thing and just a couple mins afterwards, i get hit again from an IP address that is on the list. if my htaccess file is formatted correctly, then how are they getting through?

    Thank you

  15. whooami
    Member
    Posted 8 years ago #

    we are going to play a game, kahil :),

    add this ip: 71.195.48.163.

    to your .htaccess (thats me) block it, of course.

    and let me know when youre done ...

  16. Kahil
    Member
    Posted 8 years ago #

    done... ur added and uploaded...

  17. whooami
    Member
    Posted 8 years ago #

    very interesting, youre hosted on godaddy, Are you sure they have mod_access enabled?

  18. Kahil
    Member
    Posted 8 years ago #

    mod_access? i have no frickin idea how or what that is...

  19. whooami
    Member
    Posted 8 years ago #

    mod_access is an apache module. Its what youre using when you do the deny/allow directives, see link above.

    If its NOT installed, those rules are useless.

  20. whooami
    Member
    Posted 8 years ago #

    you can create a phpinfo file to check whats installed..

    make a file, and put this inside of it:

    <?php
    phpinfo();
    ?>

    Under "Apache" you will see the modules listed.

  21. Kahil
    Member
    Posted 8 years ago #

    but i have seen a cutback on the attacks, a strong cutback... its just a couple IPs keep getting through...

  22. whooami
    Member
    Posted 8 years ago #

    Do what I suggested, to make sure. A cutback doesnt mean anything. It might be a lull, instead, especially if you are NOT seeing 403s in your server logs.

    Ooops, I forgot, you want to make sure that file ends in .php and then call it up in your browser.

    I'll be back in a bit, Im doing laundry.
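
The check discussed in posts 8, 12 and 22, as an added example that is not part of the thread or any poster's code: read the `deny from` lines, flag the `*` form, and list denied clients whose requests were answered with something other than a 403. The function names, the sample .htaccess and the log lines are constructed, and the log is assumed to be in Apache Common/Combined Log Format.

```python
import re

# Constructed sample data using documentation address ranges (not the thread's files).
HTACCESS = """\
order allow,deny
deny from 192.0.2.15
deny from 198.51.100
deny from 203.0.113.*
allow from all
"""
ACCESS_LOG = """\
192.0.2.15 - - [10/Oct/2005:13:55:36 -0700] "GET /guestbook/ HTTP/1.1" 404 512 "-" "-"
198.51.100.7 - - [10/Oct/2005:13:55:40 -0700] "GET /guestbook/ HTTP/1.1" 403 210 "-" "-"
192.0.2.99 - - [10/Oct/2005:13:56:01 -0700] "GET / HTTP/1.1" 200 4096 "-" "-"
192.0.2.15 - - [10/Oct/2005:13:56:10 -0700] "GET /guestbook/ HTTP/1.1" 404 512 "-" "-"
"""
DENY_RE = re.compile(r"^\s*deny\s+from\s+(\S+)", re.IGNORECASE)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def parse_deny_rules(text):
    """Return (rules, warnings). Handles one IPv4 address or partial address per line."""
    rules, warnings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DENY_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        octets = spec.rstrip(".").split(".")
        if "*" in spec:
            warnings.append((lineno, spec))  # asterisk form questioned in post 12
        elif len(octets) <= 4 and all(o.isdigit() and int(o) < 256 for o in octets):
            rules.append(".".join(octets))
    return rules, warnings

def matches(ip, rule):
    """A partial address matches on whole leading octets; a full one must be equal."""
    prefix = rule.split(".")
    return ip.split(".")[:len(prefix)] == prefix

def leaked_requests(htaccess, log):
    """Count requests from denied clients that were answered with anything but 403."""
    rules, _ = parse_deny_rules(htaccess)
    leaks = {}
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m and m.group(2) != "403" and any(matches(m.group(1), r) for r in rules):
            leaks[m.group(1)] = leaks.get(m.group(1), 0) + 1
    return leaks

if __name__ == "__main__":
    print("wildcard lines:", parse_deny_rules(HTACCESS)[1])
    print("denied clients served anyway:", leaked_requests(HTACCESS, ACCESS_LOG))
```

A denied address that keeps showing up with 404 or 200 instead of 403 means the rules are not being applied at all, which is the situation post 22 describes.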

  23. Kahil
    Member
    Posted 8 years ago #

    OK, this is what my host, GoDaddy has said to my mod_access question.

    "Thank you for contacting customer support. No, mod_access is not enabled. Unfortunately, you will not be able to block IP addresses at the server level. We apologize for any inconvenience that this may cause you.

    Please let us know if we can help you in any other way."

    So basically they don't care if your content is safe or not. I've double checked and there is no real security features given. So... Does anyone know of a secure, comparable service? Right now I only pay $4 a month for the economy plan. I'd of course have to be able to have a plan with decent bandwidth and space. I don't want to have to pay for more bandwidth cause i run through what i get per month, just don't want to have to worry about that...you guys know how it is and what i mean...

    unless someone knows another way for me to protect things with a godaddy account...I can't even use the bad behavior plugin...

    Thank you,

    Kahil

  24. IIIIIIIV
    Member
    Posted 8 years ago #

    That's nuts. Time to find another host. If they don't care about people slamming their servers, from things like automated open proxies and stuff, then that's a real worry.

    Find a good reputable host.

  25. Aleister
    Member
    Posted 8 years ago #

    You could just block the IP address with a little PHP in your WordPress header file. That would definitely work regardless of how your host is set.

    If the IP matches.. it simply stops loading the page.

  26. Kahil
    Member
    Posted 8 years ago #

    Aleister:

    Can you explain as to how to do that to my header file?

    I'd like to be able to just leave things where they are cause its just easier for me with my schedule, etc... plus i have prepaid for my hosting cause it was even cheaper doing so and i wouldn't have to worry about it... I still have a few months left on it... But I would like to be able to protect my files and everything... I don't want people to be able to hit and abuse my site like this anymore and to be able to keep them from roaming through folders and all that... just so that they can only visit the site itself and thats it. I think that is what most people would and do want right?

    Thank you,

    Kahil

  27. Aleister
    Member
    Posted 8 years ago #

    Here you go:

    Open up wp-blog-header.

    After the following line:

    <?php

    Add this:

    $banned_ips = array(
    "1.2.3.4",
    "1.2.3.5",
    "1.2.3.6"
    );

    if (in_array($_SERVER['REMOTE_ADDR'], $banned_ips)) {
    die();
    }

    $banned_ips is just a comma separated array of strings. It will simply compare the current user's IP to the list of banned IPs and if it is found in the list, the page will not load. :)

  28. Kahil
    Member
    Posted 8 years ago #

    is there an online or supplementary source on this? I just like to double check and learn all I can about things before i do it so i can understand exactly what i'm doing...

    Thank you Aleister,

    Kahil

  29. whooami
    Member
    Posted 8 years ago #

    that's a terrible way to go.. for starters you're using up precious visitor time and server resources/time DNS'ing ips before you display a page OR not.. Not at all good. Second, you're NOT doing it at the server level.

    Ditch that, kahil.

    They DO have mod_rewrite installed. You can accomplish EXACTLY the same thing using mod_rewrite.

    I am at work, but when I get home I will paste you some examples .. it's NO harder than what you have been doing, and will save you the move.

    Dont sweat it.

    Talk later,

    sistah whoo

  30. Aleister
    Member
    Posted 8 years ago #

    whooami: The value REMOTE_ADDR is already present. The server is not having to do any real work. The only thing that code actually does is run a single PHP function to check and see if text is in an array. You cannot tell me that this one basic PHP function is going to be using precious visitor time :)

    I agree, there are many methods, and this is just one, but to call it a 'terrible way to go' is a bit harsh I think :)
