Ravens PHP Scripts: Forums
 

 

Tizwit
Involved
Joined: Aug 29, 2004
Posts: 324
Location: New Mexico

Posted: Thu Aug 17, 2006 4:06 am

I am looking for help with .htaccess

I have been getting a lot of spam requests on my support site and I was looking into banning blocks of IP addresses using .htaccess.

I have found several sites that help with this and have had mixed results.

This site:
[ Only registered users can see links on this board! Get registered or login! ]

states the following for this IP address 72.30.101.209 (just a yahoo):

command for htaccess: deny all from 72.30.96.0/20 to block all access from this netblock.

but when I put in this code:
deny all from 72.30.96.0/20

it blocks me (so I assume it blocks everyone).

When I take out the "all", I think it works, because I added my IP CIDR (?) code and I was blocked, but recently had someone from a blocked code make it to my site.

I have also seen some people use:

deny from 72.30.96.0/72.30.96.255

but when I tried this nothing happened.

Any ideas?

_________________
Brian [ Only registered users can see links on this board! Get registered or login! ]
Helping the Children in the NM Children's Hospital 
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661

Posted: Thu Aug 17, 2006 4:43 am

hi tiz..
best and most common way is to use deny from 72.30.96.0/20
 
Tizwit

Posted: Thu Aug 17, 2006 4:51 am

hitwalker wrote:
hi tiz..
best and most common way is to use deny from 72.30.96.0/20


I have several of those on my .htaccess file

one of which is:

deny from 200.88.192/18

just got a hit from this IP address:

200.88.223.98 which is in the above IP block. why is it getting through?
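
Added example, not part of the original posts: a small Python check of the `deny from` variants quoted above against the two client addresses mentioned in the thread. The function names are made up for this example, and refusing an abbreviated network such as `200.88.192/18` instead of guessing how the server expands it is an assumption of the example, not Apache's own parsing.

```python
import ipaddress

def parse_deny(line):
    """Return the IPv4Network a 'deny from <range>' line covers.

    Only the a.b.c.d/nn and a.b.c.d/netmask forms are handled here.
    Raises ValueError with a reason for anything else.
    """
    words = line.split()
    if len(words) != 3 or words[0].lower() != "deny" or words[1].lower() != "from":
        # e.g. "deny all from ...": the word after "deny" must be "from"
        raise ValueError("expected: deny from <range>")
    net, slash, _mask = words[2].partition("/")
    if not slash:
        raise ValueError("no /prefix or /netmask given")
    if net.count(".") != 3:
        # Assumption of this example: do not guess how an abbreviated
        # network is expanded; ask for all four octets.
        raise ValueError("write all four octets before the slash")
    # strict=False: host bits below the mask are ignored, not rejected.
    # A bad octet, bad prefix or non-contiguous netmask raises ValueError.
    return ipaddress.ip_network(words[2], strict=False)

def check(lines, client_ip):
    """Map each line to 'match', 'no match' or 'invalid: <reason>'."""
    ip = ipaddress.ip_address(client_ip)
    report = {}
    for line in lines:
        try:
            report[line] = "match" if ip in parse_deny(line) else "no match"
        except ValueError as exc:
            report[line] = f"invalid: {exc}"
    return report

# The directive variants quoted in the thread, plus the fully written /18.
THREAD_LINES = [
    "deny all from 72.30.96.0/20",
    "deny from 72.30.96.0/20",
    "deny from 72.30.96.0/72.30.96.255",
    "deny from 200.88.192/18",
    "deny from 200.88.192.0/18",
    "deny from 200.88.0.0/16",
]

if __name__ == "__main__":
    for ip in ("72.30.101.209", "200.88.223.98"):
        for line, verdict in check(THREAD_LINES, ip).items():
            print(f"{ip:15} {line:36} {verdict}")
```
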
 
hitwalker

Posted: Thu Aug 17, 2006 5:00 am

well if they used fake / spoofed addresses then it's tough to block it....

try deny from 200.88.0.0/16
 
Tizwit

Posted: Thu Aug 17, 2006 5:13 am

Added..

I am getting the IPs from the server side. Not sure how easy it is to spoof an IP address.
 
hitwalker

Posted: Thu Aug 17, 2006 5:16 am

Quote:
I am getting the IPs from the server side.

What do you mean?
 
Tizwit

Posted: Thu Aug 17, 2006 5:18 am

I am getting it in my cpanel and can see their tracking as well as if they were referred or connected directly to which page.

I also have access to raw logs..

also I am not sure any of the above means anything if spoofing the IP is easy
 
hitwalker

Posted: Thu Aug 17, 2006 5:21 am

in your cpanel?
check your error log there....
do you see that ip in there as in.....access denied by server configuration...?
 
Tizwit

Posted: Thu Aug 17, 2006 5:30 am

I get a lot of this:

[Thu Aug 17 00:58:43 2006] [error] [client 200.88.223.98] File does not exist: /home/support/public_html/403.shtml
[Thu Aug 17 00:58:43 2006] [error] [client 200.88.223.98] client denied by server configuration: /home/support/public_html/michellebook


the file he is trying to access is no longer on my server.
 
Tizwit

Posted: Thu Aug 17, 2006 5:31 am

does this mean he is blocked? if so why does it show him as a recent visitor and not just in the blocked area?
 
hitwalker

Posted: Thu Aug 17, 2006 5:33 am

yes he's blocked...
you see it cause it's on server level...
and why he keeps doing this is because it's an idiot and uses idiot scripts...
so he's history....
have a nice day tiz..
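
Added example, not part of the original posts: Python that groups error-log lines of the layout quoted above by client, separating requests refused by an access rule from plain missing files. The first two sample lines are the ones quoted in the thread and the third is constructed; treating `403.shtml` as the configured page for refused requests is an assumption of this example.

```python
import re
from collections import defaultdict

# Error-log layout as quoted in the thread:
# [date] [level] [client IP] message: path
LINE = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[(?P<level>\w+)\] "
    r"\[client (?P<ip>[0-9.]+)\] (?P<msg>[^:]+): (?P<path>\S+)$"
)
DENIED = "client denied by server configuration"
MISSING = "File does not exist"

def summarise(log_text):
    """Per client IP: paths refused by an access rule, and missing files."""
    out = defaultdict(lambda: {"denied": [], "missing": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a per-client error line
        if m["msg"] == DENIED:
            out[m["ip"]]["denied"].append(m["path"])
        elif m["msg"] == MISSING:
            out[m["ip"]]["missing"].append(m["path"])
    return dict(out)

def missing_error_page(summary, name="403.shtml"):
    """IPs whose refusal also logged a missing error page (name is assumed)."""
    return sorted(
        ip for ip, s in summary.items()
        if s["denied"] and any(p.endswith("/" + name) for p in s["missing"])
    )

# Lines 1-2 are quoted from the thread; line 3 is constructed.
SAMPLE = """\
[Thu Aug 17 00:58:43 2006] [error] [client 200.88.223.98] File does not exist: /home/support/public_html/403.shtml
[Thu Aug 17 00:58:43 2006] [error] [client 200.88.223.98] client denied by server configuration: /home/support/public_html/michellebook
[Thu Aug 17 01:02:10 2006] [error] [client 192.0.2.7] File does not exist: /home/support/public_html/favicon.ico
"""

if __name__ == "__main__":
    summary = summarise(SAMPLE)
    for ip, s in summary.items():
        print(ip, "denied:", len(s["denied"]), "missing:", len(s["missing"]))
    print("refused, error page missing:", missing_error_page(summary))
```
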
 
Tizwit

Posted: Thu Aug 17, 2006 5:36 am

ah ok thank you.. I am now hooking some others up so that if they try to hit that non-existent file they will be forwarded to an abuse script. lol
 
hitwalker

Posted: Thu Aug 17, 2006 5:39 am

better not....
you never know what's real or not...
 
Tizwit

Posted: Thu Aug 17, 2006 5:42 am

what would it do?

how would I know if it's real or not? if they hit that page they will be forwarded.. when I see that in my log I can ban them, correct?
 
hitwalker

Posted: Thu Aug 17, 2006 5:44 am

so you're using a standard 404 redirect now?
 
Tizwit

Posted: Thu Aug 17, 2006 5:47 am

the redirect that is in cPanel. If someone tries to access a certain page they are redirected to the new one. Here is what it says in the log:

Host: 218.75.22.142 /michellebook/abuse/abuse.html
Http Code: 404 Date: Aug 17 02:35:42 Http Version: HTTP/1.1 Size in Bytes: -
Referer: -
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2a) Gecko/20020910

|
|
|
/michellebook/addentry.php
Http Code: 403 Date: Aug 17 05:35:06 Http Version: HTTP/1.1 Size in Bytes: -
Referer: -
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417




So I know he should be banned since that page has not been available for a long time and not to mention he goes straight to the add entry page.
 
Tizwit

Posted: Thu Aug 17, 2006 5:48 am

I just added Korea to my banned section since that was where most of the spam to my OSticket system was coming from..
 
hitwalker

Posted: Thu Aug 17, 2006 5:52 am

yeah but i mean if someone picks up a nice link from google and doesn't wanna do harm to your site he gets his ass kicked...
that's what i mean...
if you see entries to something weird like the addsign pages ,then check the ip here [ Only registered users can see links on this board! Get registered or login! ]

on the right you see...

Country Lookup
Country or 2 digit Code

put in ip and hit button..
then in top list it will show whole ranges...
then block its whole cidr
 
Tizwit

Posted: Thu Aug 17, 2006 5:57 am

good point..

I did add Korea with the site you listed. (found it not long ago)

I just added "deny from" before each of the following:

 
hitwalker

Posted: Thu Aug 17, 2006 5:59 am

well I'm finishing my new setup site i hope today...
then visit and I'll publish full banned countries ranges....
 
Tizwit

Posted: Thu Aug 17, 2006 6:02 am

sure will.. well I need to get some sleep.. I have been up way too long


Thank you for the help again
 
hitwalker

Posted: Thu Aug 17, 2006 6:04 am

goodnight..
 
Tizwit

Posted: Fri Aug 18, 2006 2:53 am

If anyone is interested I have a lot of deny ranges for China, Korea, India, Vietnam, Dominican Republic, Russia, Turkey, and a few others.

I have saved some as Word docs but the others are in my .htaccess file.

If anyone wants it I will make it available.

all are in the "deny from" format.
 
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221

Posted: Sat Aug 19, 2006 2:27 am

Does Sentinel with the IP2Countries table do that already?

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
Tizwit

Posted: Sat Aug 19, 2006 8:27 am

yes but the program they are using to Spam me is not through Sentinel so no luck there.
 
All times are GMT - 6 Hours
 