| Author |
Message |
Tizwit
Involved
Joined: Aug 29, 2004
Posts: 324
Location: New Mexico
|
 Posted:
Thu Aug 17, 2006 4:06 am |
|
I am looking for help with .htaccess
I have been getting a lot of SPAM requests on my support site and I was looking into Banning blocks of IP addresses using htaccess.
I have found several sites that help with this and have had mixed results.
This site:
http://www.hifihosting.com/ip_netblock_cidr.php
states the following for this IP address 72.30.101.209 (just a yahoo):
command for htaccess: deny all from 72.30.96.0/20 to block all access from this netblock.
but when I put in this code:
deny all from 72.30.96.0/20
it blocks me (so I assume it blocks everyone)
when I take out the "all"
I think it works because I added my IP CIDR (?) code and I was blocked but recently had someone from a blocked code make it to my site.
I have also seen some people use:
deny from 72.30.96.0/72.30.96.255
but when I tried this nothing happened.
Any Ideas? |
_________________
Brian
www.4Support.org
Helping the Children in the NM Children's Hospital |
|
 
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Thu Aug 17, 2006 4:43 am |
|
hi tiz..
best and most common way is to use deny from 72.30.96.0/20 |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 4:51 am |
|
| hitwalker wrote: | hi tiz..
best and most common way is to use deny from 72.30.96.0/20 |
I have several of those on my .htaccess file
one of which is:
deny from 200.88.192/18
just got a hit from this IP address:
200.88.223.98 which is in the above IP block. why is it getting through? |
| |
|
|
|
|
hitwalker
|
| Posted:
Thu Aug 17, 2006 5:00 am |
|
well if they used fake / spoofed addresses then its tough to block it....
try deny from 200.88.0.0/16 |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 5:13 am |
|
Added..
I am getting the IPs from the server side. Not sure how easy it is to spoof an IP address. |
| |
|
|
|
|
hitwalker
|
| Posted:
Thu Aug 17, 2006 5:16 am |
|
| Quote: | | I am getting the IPs from the server side. |
What you mean ? |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 5:18 am |
|
I am getting it in my cpanel and can see their tracking as well as if they were referred or connected directly to which page.
I also have access to raw logs..
also I am not sure any of the above means anything if spoofing the IP is easy |
| |
|
|
|
|
hitwalker
|
| Posted:
Thu Aug 17, 2006 5:21 am |
|
in your cpanel?
check your error log there....
do you see that ip in there as in.....access denied by server configuration...? |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 5:30 am |
|
I get a lot of this:
[Thu Aug 17 00:58:43 2006] [error] [client 200.88.223.98] File does not exist: /home/support/public_html/403.shtml
[Thu Aug 17 00:58:43 2006] [error] [client 200.88.223.98] client denied by server configuration: /home/support/public_html/michellebook
the file he is trying to access is no longer on my server. |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 5:31 am |
|
does this mean he is blocked? if so why does it show him as a recent visitor and not just in the blocked area? |
| |
|
|
|
|
hitwalker
|
| Posted:
Thu Aug 17, 2006 5:33 am |
|
yes hes blocked... 
you see it cause its on server level...
and why he keeps doing this is because its an idiot and uses idiot scripts...
so he's history....
have a nice day tiz.. |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 5:36 am |
|
ah ok thank you.. I am now hooking some others up to if they try to hit that non-existent file they will be forwarded to an abuse script. lol |
| |
|
|
|
|
hitwalker
|
| Posted:
Thu Aug 17, 2006 5:39 am |
|
better not....
you never know whats real or not... |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 5:42 am |
|
what would it do?
how would I know if its real or not? if they hit that page they will be forwarded.. when I see that in my log I can ban them correct? |
| |
|
|
|
|
hitwalker
|
| Posted:
Thu Aug 17, 2006 5:44 am |
|
so your using a standard 404 redirect now? |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 5:47 am |
|
the redirect that is in Cpanel. If someone try to access a certain page they are redirected to the new one here is what it says in the log:
Host: 218.75.22.142 /michellebook/abuse/abuse.html
Http Code: 404 Date: Aug 17 02:35:42 Http Version: HTTP/1.1 Size in Bytes: -
Referer: -
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2a) Gecko/20020910
|
|
|
/michellebook/addentry.php
Http Code: 403 Date: Aug 17 05:35:06 Http Version: HTTP/1.1 Size in Bytes: -
Referer: -
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417
So I know he should be banned since that page has not been available for a long time and not to mention he goes straight to the add entry page. |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 5:48 am |
|
I just added Korea to my banned section since that was where most of the spam to my OSticket system was coming from.. |
| |
|
|
|
|
hitwalker
|
| Posted:
Thu Aug 17, 2006 5:52 am |
|
yeah but i mean if someone picks up a nice link from google and doesnt wanna do harm to your site he gets his ass kicked...
thats what i mean...
if you see entries to something weird like the addsign pages ,then check the ip here http://software77.net/cgi-bin/ip-country/geo-ip.pl
on the right you see...
Country Lookup
Country or 2 digit Code
put in ip and hit button..
then in top list it will show whole ranges...
then block its whole cidr |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 5:57 am |
|
good point..
I did add Korea with the site you listed. (found it not long ago)
I just added "deny from" before each of the following:
Code:58.65.64.0/18
58.72.0.0/13
58.102.0.0/15
58.120.0.0/13
58.138.192.0/18
58.140.0.0/14
58.145.0.0/17
58.148.0.0/14
58.181.0.0/18
58.180.0.0/16
58.184.0.0/16
58.224.0.0/12
59.0.0.0/11
59.86.192.0/18
59.150.0.0/16
59.186.0.0/15
60.196.0.0/15
61.4.192.0/18
61.5.160.0/19
61.32.0.0/13
61.40.0.0/14
61.47.192.0/18
61.72.0.0/13
61.80.0.0/14
61.84.0.0/15
61.96.0.0/12
61.247.64.0/18
61.247.128.0/19
61.248.0.0/13
121.0.64.0/18
121.0.128.0/17
121.1.64.0/18
121.50.64.0/18
121.53.0.0/16
121.54.192.0/18
121.55.64.0/18
121.55.128.0/18
121.64.0.0/14
121.78.0.0/16
121.88.0.0/16
121.100.64.0/18
121.124.0.0/15
121.126.0.0/16
121.127.64.0/18
121.127.128.0/18
121.128.0.0/11
121.200.64.0/18
121.254.0.0/18
121.254.128.0/17
122.32.0.0/12
122.49.64.0/18
122.99.128.0/17
122.101.0.0/16
122.199.64.0/18
122.199.128.0/17
122.254.128.0/17
123.99.64.0/18
123.254.128.0/17
124.0.0.0/15
124.2.0.0/16
124.5.0.0/16
124.28.0.0/17
124.28.128.0/18
124.46.0.0/16
124.48.0.0/12
124.80.0.0/16
124.111.0.0/16
124.136.0.0/14
124.146.0.0/18
124.194.0.0/16
124.197.128.0/18
124.197.192.0/19
124.198.0.0/17
124.199.0.0/18
124.199.128.0/17
124.216.0.0/16
124.243.0.0/17
124.254.128.0/17
125.7.128.0/17
125.31.128.0/18
125.57.0.0/16
125.60.0.0/17
125.61.0.0/17
125.128.0.0/11
125.176.0.0/12
125.208.64.0/18
125.209.0.0/18
125.252.0.0/18
125.240.0.0/13
125.248.0.0/14
128.134.0.0/16
129.254.0.0/16
134.75.0.0/16
137.68.0.0/16
141.223.0.0/16
143.248.0.0/16
147.6.0.0/16
147.43.0.0/16
147.46.0.0/15
150.150.0.0/16
150.183.0.0/16
150.197.0.0/16
152.99.0.0/16
152.149.0.0/16
154.10.0.0/16
155.230.0.0/16
156.147.0.0/16
157.197.0.0/16
158.44.0.0/16
161.122.0.0/16
163.152.0.0/16
163.180.0.0/16
163.239.0.0/16
164.124.0.0/15
165.132.0.0/15
165.141.0.0/16
165.186.0.0/16
165.194.0.0/16
165.213.0.0/16
165.229.0.0/16
165.243.0.0/16
165.244.0.0/16
165.246.0.0/16
166.79.0.0/16
166.103.0.0/16
166.104.0.0/16
166.125.0.0/16
168.78.0.0/16
168.115.0.0/16
168.126.0.0/16
168.131.0.0/16
168.154.0.0/16
168.188.0.0/16
168.219.0.0/16
168.248.0.0/15
169.140.0.0/16
192.5.90.0/24
192.100.2.0/24
192.104.15.0/24
192.132.15.0/24
192.132.247.0/24
192.132.248.0/22
192.195.39.0/24
192.195.40.0/24
192.203.138.0/23
192.203.140.0/22
192.203.144.0/23
192.203.146.0/24
192.245.249.0/24
192.245.250.0/23
192.249.16.0/20
202.6.95.0/24
202.14.103.0/24
202.14.165.0/24
202.20.82.0/23
202.20.84.0/23
202.20.86.0/24
202.20.99.0/24
202.20.119.0/24
202.20.128.0/17
202.21.0.0/21
202.22.32.0/19
202.30.0.0/15
202.68.224.0/19
202.73.132.0/22
202.86.8.0/21
202.89.248.0/22
202.126.112.0/21
202.133.16.0/20
202.136.112.0/20
202.136.128.0/19
202.150.176.0/20
202.158.144.0/20
202.163.128.0/19
202.167.208.0/20
202.179.176.0/21
202.189.128.0/20
203.77.176.0/24
203.81.128.0/19
203.82.240.0/21
203.83.128.0/19
203.84.240.0/20
203.90.32.0/19
203.100.160.0/19
203.109.0.0/19
203.123.192.0/19
203.128.160.0/19
203.128.192.0/19
203.130.64.0/18
203.132.160.0/19
203.133.160.0/19
203.142.160.0/19
203.152.160.0/19
203.153.144.0/20
203.170.96.0/19
203.171.160.0/19
203.173.96.0/19
203.175.32.0/19
203.207.16.0/20
203.210.16.0/20
203.210.32.0/19
203.212.96.0/19
203.212.160.0/19
203.215.192.0/19
203.216.160.0/19
203.217.192.0/18
203.223.96.0/19
203.224.0.0/11
206.219.0.0/18
210.0.32.0/19
210.2.32.0/19
210.16.192.0/18
210.57.224.0/19
210.80.96.0/19
210.87.192.0/19
210.89.160.0/19
210.90.0.0/15
210.92.0.0/14
210.96.0.0/11
210.178.0.0/15
210.180.0.0/14
210.192.64.0/19
210.204.0.0/14
210.210.192.0/18
210.216.0.0/13
211.32.0.0/11
211.104.0.0/13
211.112.0.0/13
211.168.0.0/13
211.176.0.0/12
211.192.0.0/10
218.36.0.0/14
218.48.0.0/13
218.101.128.0/17
218.144.0.0/12
218.209.0.0/16
218.232.0.0/13
219.240.0.0/15
219.248.0.0/13
220.64.0.0/11
220.103.0.0/16
220.116.0.0/14
220.120.0.0/13
220.149.0.0/16
220.230.0.0/16
221.132.64.0/19
221.133.48.0/20
221.133.128.0/18
221.138.0.0/15
221.140.0.0/14
221.144.0.0/12
221.160.0.0/13
221.168.0.0/16
222.96.0.0/12
222.112.0.0/13
222.120.0.0/15
222.122.0.0/16
222.231.0.0/18
222.232.0.0/13
222.251.128.0/17
|
|
| |
|
|
|
|
hitwalker
|
| Posted:
Thu Aug 17, 2006 5:59 am |
|
well im finshing my new setup site i hope today...
then visit and ill publish full banned countries ranges.... |
| |
|
|
|
|
Tizwit
|
| Posted:
Thu Aug 17, 2006 6:02 am |
|
sure will.. well I need to get some sleep.. I have been up way to long
Thank you for the help again |
| |
|
|
|
|
hitwalker
|
| Posted:
Thu Aug 17, 2006 6:04 am |
|
 goodnight.. |
| |
|
|
|
|
Tizwit
|
| Posted:
Fri Aug 18, 2006 2:53 am |
|
If anyone is interested I have a lot of deny ranges for China, Korea, Inda, Vietnam, Dominican Republic, Russia, Turkey, and a few others.
I have saved some as Word docs but the others are in my .htaccess file.
If anyone wants it I will make it available.
all are in the "deny from" format. |
| |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Sat Aug 19, 2006 2:27 am |
|
Does Sentinel with the IP2Countries table do that already? |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
|
|
|
Tizwit
|
| Posted:
Sat Aug 19, 2006 8:27 am |
|
yes but the program they are using to Spam me is not through Sentinel so no luck there. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
