WordPress.org

Support

Support » How-To and Troubleshooting » Blocking IPs with .htaccess

Blocking IPs with .htaccess

  • Hi all,

    I know it’s futile to try to ban every spammer, but I’d like to ban at least a few of the more prolific ones that keep coming back to my site from the same subnets. However, although I’ve tried modifying htaccess to keep them out, they keep coming back. I’ve followed instructions I’ve found on this site and elsewhere, without success. These are the very first lines of my htaccess file:

    order deny,allow
    deny from 81.177.15.*
    deny from 81.177.14.*
    deny from 85.255.113.*
    deny from 85.255.114.*
    deny from 195.225.176.86
    deny from 85.255.117.250
    allow from all

    Can anyone see an error in that? How come people from those subnets are still able to access my site?

Viewing 15 replies - 1 through 15 (of 21 total)
  • I sure can.

    your usage of the asterics as a wild card is incorrect.

    deny from 85.255.114.* == wrong
    deny from 85.255.114 == correct

    http://wreq.cgd.ucar.edu/manual/mod/mod_access.html

    Best to read up on what you are using it before reading it.

    I tried it without the asterisks first, actually, and that didn’t work either (I looked into this before posting here and I found some sites that say to use them, others that don’t). Could there be some way to bypass htaccess, or is there any other error in my code?

    Chris_K
    Member

    @handysolo

    Any compelling reason not to just use plugins that block most of this stuff? (top post in the threads. Sticky. Has “Spam” in the title.)

    I have Akismet, which catches a great deal of spam, but on occasion a few do slip through. It’d be nice if I could cut out the middleman and just block these IPs directly. Is there a plugin that does that? I didn’t see one in the sticky thread.

    Bad Behavior…

    Chris_K
    Member

    @handysolo

    I agree with Yosemite. BB blocks 100’s a day for me.

    Ebonmuse, if it didnt work without the asterics then there’s a good chance your host doesnt have mod_access enabled. Are you with Godaddy by chance? If so, thats prolly the case.

    The way I showed you is the correct way to block ips using mod_access, regardless of what any site that tells you to use them says.

    I pasted a link to a mirror of the Apache docs above to reinforce what I said. I’m willing to bet they know what they’re talking about.

    Merely reading something here doesnt mean its the correct way.

    Combination of Akismet and Bad Behavior is the Best.

    Actually I thought it was this:

    deny from 85.255.114.

    Note the period at the end.

    Donncha mentioned an extention that will fill out the htaccess file while deleteing the spam. Maybe helpful. 🙂

    and thats wrong. drmike.

    http://httpd.apache.org/docs/1.3/mod/mod_access.html

    From the horses mouth:

    A full IP address
    Example: Allow from 10.1.2.3
    An IP address of a host allowed access
    A partial IP address
    Example: Allow from 10.1
    The first 1 to 3 bytes of an IP address, for subnet restriction.

    If mod_access is unavailable, use mod_rewrite instead. 🙂

    RewriteCond %{REMOTE_ADDR} ^81.177.15 [OR]
    RewriteCond %{REMOTE_ADDR} ^81.177.14 [OR]
    RewriteCond %{REMOTE_ADDR} ^85.255.113 [OR]
    RewriteCond %{REMOTE_ADDR} ^85.255.114 [OR]
    RewriteCond %{REMOTE_ADDR} ^195.225.176.86 [OR]
    RewriteCond %{REMOTE_ADDR} ^85.255.117.250
    RewriteRule ^.*$ - [F]

    If you’d prefer to tell these IP’s that they’re jerks instead of simply blocking them, change the last line to these two instead:
    RewriteCond %{REQUEST_URI} !^/forbidden.html$
    RewriteRule ^.*$ /forbidden.html

    And make a forbidden.html file, where you can curse at them all you like.

    I learned dr. mike ways ages ago. and always used it. it seems apache docs say different though. I think that format actually belongs to another service.

    war59312
    Participant

    @war59312

    Dude, here you go:

    order allow,deny
    deny from 81.177.15
    deny from 81.177.14
    deny from 85.255.113
    deny from 85.255.114
    deny from 195.225.176.86
    deny from 85.255.117.250
    allow from all

    You just had the order wrong. You where denying them but then you allowed everyone. So you where simply overiding the deny by allowing from everyone.

    The file is read in order. That is why the first line is always the order of which you want the htaccess file to be processed.

    war caught the other mistake, very nice catch, war59312!

    war59312
    Participant

    @war59312

    Hey,

    Also, check out this plug-in. I believe it does what you want. 🙂 Such as banning by IP address:

    http://www.deliciousdays.com/smp-plugin

    Take Care,

    Will

Viewing 15 replies - 1 through 15 (of 21 total)
  • The topic ‘Blocking IPs with .htaccess’ is closed to new replies.