|
Welcome
Guest
|
Register
| Login
|
|
|
| Index | Recent Threads | Unanswered Threads | Who's Online | User List | Help |
Killersites.com Forum
General Web Design
Killer Web Design Tips, Secrets and Techniques.
Thread: Using .htaccess to Ban IP Addresses
|
| No member browsing this thread |
|
Thread Status: Active Thread Type: Sticky Thread Total posts in this thread: 16
|
|
| Author |
|
shelfimage
Advanced Member USA Joined: Mar 24, 2005 Post Count: 3000 Status: Offline |
I'll jump to my "Killer Tip" in a moment. First, how many of you get uce (spam) from cheap, on-line pharmacies? Thought so. So, I'm checking my stats today (keeping an eye on my pal, the Googlebot) and got curious about these referrers: just-doctor.com amoxil.4all-prescription.com birth-control-pills.doctor-here.com buy-ambien.special-medical.com credit-card-applications.4all-credit.com hydrocodone-online.professional-doctor.com hydrocodone.unique-pills.com low-apr-credit-card.immediately-credit.com mortgage-loan.yours-cash.com online-mortgage.take-mortgage.com pharmacy.available-prescription.com vicodin.unique-pills.com weight-loss-products.doctor-4all.com great-doctor.com sportsexpert.net vdiplomas.com sudtuiles.com Perhaps droves of cheap on-line pill pushers researched my web design skills. Not likely. This activity is recorded in my stats before November. These URLs were looking for email addresses and are either bots or manual searchers. I've used spamcop to report UCE, I've searched for UCE offenders and cc'd my cease and desist requests to the ftc.gov, who claim they have an interest in UCE activity. I'm a spamaficionado. I know, there's better things to do with my spare time than make a dent in spam. But, using a protected email address and keeping it isolated from my business account makes it sporty, combined with Killersites' Spam Blocker Coalition . But, consider this interesting finding! The 17 domain names above have one thing in common - they resolve to the same IP Address! 4.79.248.8 Makes banning them in the .htaccess file Easy! Banning IP Addresses Using .htaccess > > > Must use a Html Text Editor. > Step One Add this to your .htaccess file at the root www directory, in other words, don't overwrite the existing file. <Files 403.shtml> order allow,deny allow from all </Files> > Step Two Add the IP's to Ban. deny from 69.42.67.196 deny from 4.79.248.8 One line for each IP address preceded by " deny from " The .htaccess file will look like this: <Files 403.shtml> order allow,deny allow from all </Files> deny from 69.42.67.196 deny from 4.79.248.8 Easy, right? Here are some other trouble makers: 69.42.67.196 realestatehotbuys.com/euro-exchange-rate.html 69.42.75.108 realestatenow.net/xenical-84.html 69.42.75.110 realestateseller.net/sell-mortgage-notes.html 69.42.67.196 realty-refund.com/red-white-and-blue-slot-machine.html If you have any trouble makers listed in your stats to share, post them here. Please post the url as well in case someone doesn't want to block that IP... I had some offensive URLs listed. I didn't post them here in an effort to keep the post clean. I'm not sure how folks feel about having those posted...? Hope this helps cut down the spam in your inbox or contact forms.  -  ---------------------------------------- "The art of life lies in a constant readjustment to our surroundings." -Okakura Kakuzo Save the developers<!> Maine Webworks ---------------------------------------- [Edit 1 times, last edit by shelfimage at Nov 26, 2005 10:54:08 AM] |
||
|
|
LSW
Advanced Member USA Joined: Nov 27, 2003 Post Count: 6285 Status: Offline |
Well looks like a good tip. I have changed all mine, see what happens. As for the names, generally nothing against it, however it could lead to legal problems. I know of a well known "Helpful" toolbar that installed parasites on the users PC that tracked postings and the like. Word went out around M$N groups about it and they tried to raise hell with M$N to get the groups closed, but seems the feds took and interest in them and they got real quiet real fast. So yea, a "Blacklist" can be problematic and good call to wait for Stef to make a call on it. It would be his head. |
||
|
|
shelfimage
Advanced Member USA Joined: Mar 24, 2005 Post Count: 3000 Status: Offline |
@LSW Interesting about M$N groups... And I didn't think about any possible ramifications if a blacklist were started b/c of this post. thanks. ---------------------------------------- "The art of life lies in a constant readjustment to our surroundings." -Okakura Kakuzo Save the developers<!> Maine Webworks |
||
|
|
Broc
Advanced Member U.S.A. Joined: Mar 28, 2005 Post Count: 962 Status: Offline |
Any reason I couldn't specify these bans server wide in my httpd.conf file? ---------------------------------------- Broc High Tide Web Services High Tide Templates |
||
|
|
dawg
Advanced Member Joined: Jan 7, 2005 Post Count: 340 Status: Offline |
Or quite simple, just ip deny from cpanel. |
||
|
|
Broc
Advanced Member U.S.A. Joined: Mar 28, 2005 Post Count: 962 Status: Offline |
Would be nice if I had cpanel on my hosting accounts. None of them do. ---------------------------------------- Broc High Tide Web Services High Tide Templates |
||
|
|
dawg
Advanced Member Joined: Jan 7, 2005 Post Count: 340 Status: Offline |
Would be nice if I had cpanel on my hosting accounts. None of them do. cpanel is great, I would not get hosting if cpanel was not included My first host did not offer cpanel and I left them at the end of that first year despite great reliable service and uptime. |
||
|
|
shelfimage
Advanced Member USA Joined: Mar 24, 2005 Post Count: 3000 Status: Offline |
@broc: You'll have to modify your .htaccess file for each domain hosted on your server. I don't recall being able to modify a global setting using htppd.conf.  ---------------------------------------- "The art of life lies in a constant readjustment to our surroundings." -Okakura Kakuzo Save the developers<!> Maine Webworks ---------------------------------------- [Edit 1 times, last edit by shelfimage at Nov 26, 2005 10:20:12 PM] |
||
|
lm
Advanced Member Joined: Oct 27, 2004 Post Count: 2550 Status: Offline |
hi, I regularily get spam from this address: (It written like so:) "from 160.70-84-71.reverse.theplanet.com [70.84.71.160] by flh-mail.control-dns.com with SMTP" So it is from this IP: 70.84.71.160 ? Last night it was like more then 50 empty mails. ---------------------------------------- My blog |
||
|
|
shelfimage
Advanced Member USA Joined: Mar 24, 2005 Post Count: 3000 Status: Offline |
@lm, The best method to know for sure who is the sender, or the sender's IP Address, is to copy the entire header and body of the email message and paste it into spamcop's "report spam" tool. It will De-obfuscate any url's and go through the headers to see if there were any forgeries. Most spammers will put some extra lines in the headers to try to throw us off the trail. Adding the IP and mail header info in your reply into an .htaccess file will not help you b/c although it may be email sent to your domain name email address, the .htaccess file prevents user agents from accessing your web directories only. ---------------------------------------- "The art of life lies in a constant readjustment to our surroundings." -Okakura Kakuzo Save the developers<!> Maine Webworks ---------------------------------------- [Edit 1 times, last edit by shelfimage at Nov 27, 2005 10:13:03 AM] |
||
|
|
|
|
Current timezone is GMT May 21, 2012 4:34:05 AM |
