  1. #1
    SitePoint Evangelist
    Join Date
    May 2003
    Posts
    595

    Denying an IP address does not work?

    Hi,

    Here is the .htaccess in the web root path (public_html):

    Code:
    ErrorDocument 404 /404.php
    
    php_value display_errors 0
    php_value log_errors 1
    
    # The following makes adjustments to the SSL protocol for Internet
    # Explorer browsers
    
    <IfModule mod_setenvif.c>
      <IfDefine SSL>
        SetEnvIf User-Agent ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
      </IfDefine>
    </IfModule>
    
    deny from 65.211.123.161

    However, the IP address is still able to access the website?

    I checked, and mod_access is a loaded module. Any ideas why this would not work?

    Thanks,

    Peter

  2. #2
    SitePoint Evangelist
    Join Date
    May 2003
    Posts
    595
    Hmm,

    Don't tell me it should be .........

    Code:
    Deny from 65.211.123.161

    Like, is it case sensitive?

    Peter

  3. #3
    SitePoint Wizard Dean C's Avatar
    Join Date
    Mar 2003
    Location
    England, UK
    Posts
    2,906
    Code:
    order deny,allow
    deny from 65.211.123.161
    allow from all

  4. #4
    SitePoint Evangelist
    Join Date
    May 2003
    Posts
    595
    Hi,

    Quote Originally Posted by Dean C
    Code:
    order deny,allow
    deny from 65.211.123.161
    allow from all

    Thanks, I did actually find out later that the single 'deny' was working, as I noticed some 403 messages for that IP address.

    The agent type is Lynx/2.8.5rel.1 libwww-FM/2.14, and it is almost like someone has set up a cronjob to do this, as there are 4 visits every hour. The times of the intrusion are, for example:

    Mon Feb 21 2005 2:02:32 am EST
    Mon Feb 21 2005 2:17:27 am EST
    Mon Feb 21 2005 2:32:27 am EST
    Mon Feb 21 2005 2:47:28 am EST
    Mon Feb 21 2005 3:02:28 am EST
    Mon Feb 21 2005 3:17:27 am EST
    Mon Feb 21 2005 3:32:27 am EST
    Mon Feb 21 2005 3:47:27 am EST
    Mon Feb 21 2005 4:02:27 am EST

    And the URL they are trying to access is a PHP file, trying to log in, as I can see the username and password also being passed in the query strings.

    Apart from leaving the deny there in .htaccess, complaining to the web hosting company (that IP is for a large site, so how will they find out who it is?), and complaining to the ISP, is there anything else I can do?

    Redirect them somewhere ?

    Peter

  5. #5
    SitePoint Evangelist
    Join Date
    May 2003
    Posts
    595
    Hi,

    Well, this turned out to be rather amusing. We recently moved a domain to a new host, and there was still a cron job running every 15 mins. Have just spoken to the tech guys at the old hosts, and they have deleted the cronjob.

    Peter
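
The request times listed in post #4 are spaced almost exactly 15 minutes apart, which is what pointed to a scheduled job rather than a person. The following is an added example, not part of the thread: a Python check that measures how regular the gaps between hits from one client are. The function names, the 10-second jitter tolerance and the 0.9 threshold are assumptions chosen for illustration.

```python
from datetime import datetime
from statistics import median

# Constructed sample: the request times quoted in post #4 (all EST).
SAMPLE = """\
Mon Feb 21 2005 2:02:32 am EST
Mon Feb 21 2005 2:17:27 am EST
Mon Feb 21 2005 2:32:27 am EST
Mon Feb 21 2005 2:47:28 am EST
Mon Feb 21 2005 3:02:28 am EST
Mon Feb 21 2005 3:17:27 am EST
Mon Feb 21 2005 3:32:27 am EST
Mon Feb 21 2005 3:47:27 am EST
Mon Feb 21 2005 4:02:27 am EST
"""


def parse_times(text):
    """Parse 'Mon Feb 21 2005 2:02:32 am EST' lines into sorted datetimes."""
    times = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Drop the trailing zone label; every line in the sample shares it.
        stamp = line.rsplit(" ", 1)[0]
        times.append(datetime.strptime(stamp, "%a %b %d %Y %I:%M:%S %p"))
    return sorted(times)


def periodicity(times, jitter=10):
    """Return (median gap in seconds, share of gaps within `jitter` s of it)."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 3:  # too few requests to call anything a pattern
        return None, 0.0
    mid = median(gaps)
    regular = sum(1 for g in gaps if abs(g - mid) <= jitter)
    return mid, regular / len(gaps)


def looks_scheduled(times, jitter=10, min_ratio=0.9):
    """True when nearly all gaps match one fixed period (cron-like traffic)."""
    period, ratio = periodicity(times, jitter)
    return period is not None and ratio >= min_ratio


if __name__ == "__main__":
    print(periodicity(parse_times(SAMPLE)), looks_scheduled(parse_times(SAMPLE)))
```

A fixed period with second-level jitter from a single address usually means a forgotten scheduled task or monitor, so it is worth checking your own old hosts and jobs before filing an abuse report.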

