Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Blocking IP ranges


  • Please log in to reply

#1
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hi reader/s

I've noticed that my website gets visits from sites in Russia, China and Panama. They all appear to be trying to access the ADMIN part of the site rather than the usual stuff people view.

Is there a way of blocking these unwanted visitors via code somewhere on the site?

Thanks
  • 0

Advertisements


#2
AstraNut

AstraNut

    Member

  • Member
  • PipPipPip
  • 384 posts
Most of those 'Bots do not obey the "rules". You can try going into your Control Panel and setting up blocks for their IPs and hope it works. All Control Panels have this Utility which will write the code for the .htaccess files. Another thing to try is the robots.txt file for your site. As said though, many of those 'Bots will totally ignore these exclusion rules.
  • 0

#3
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Topic Starter
  • Retired Staff
  • 15,130 posts
Hmmm! Things are not looking too good on this forum, my signature appears to have been compromised.

My host doesn't have any simple control panel switches to play with, so I just added their IP addresses to the .htaccess file; I am hoping it works.
  • 0

#4
AstraNut

AstraNut

    Member

  • Member
  • PipPipPip
  • 384 posts
For those who have a Control Panel like cPanel, the IP Blocking utility does just what you did directly by writing to the .htaccess file. GeekstoGo had some problems and this is suppose to be new software they are using. Don't like it myself as they have messed up my email filters making useless.
  • 0

#5
Johanna

Johanna

    The Leather Lady

  • Moderator
  • 3,038 posts
Change the name of the admin folder. That will slow them down.
~J
  • 0

#6
amw_drizz

amw_drizz

    Member

  • Member
  • PipPipPip
  • 329 posts
Another thing you can do if you have any grasp of coding with web languages (php, asp, javascript, etc) then you could do a simple check when they access the admin page. Like the following

Pseudo code (assuming php is used), Also assuming IP block range is 141.20.0.0 to 141.20.255.254

1) User loads admin page (IP Sent automatically to webserver)
2) PHP in index.php/admin.php inside of the admin page executes
3) Gathers current users IP address from web server
4) Depending on broadness from block table in a database, flat file, or hard coded; preform the following test on the ip

4a) Extract the Users IP address in to an array with each block its own array (example ip is 141.20.154.90)
Meaning Array [0] = 141 : Array[1] = 20 : Array[2] = 154 : Array[3] = 90

4b) using first segment (Array [0]) match to first segment IP segment in block list (If using multiple IP address loop through) IF Match continue to 4c Else show the page

4c) Continue process with other IP segments, Repeat and match while looping through if multiple IP Address IF Match repeat 4c Else If black list IP Segment is 0 proceed to step 5 Else Show the page .

5) User IP matches an IP in our black list. At this time you can do a few things depending on how you want it handled. You could cause an HTTP Error 404 Page Not Found, Redirect to your site or another site, or show the infamous white page of death.

HTH, and that you where able to follow along.
  • 0

#7
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Topic Starter
  • Retired Staff
  • 15,130 posts
Thanks for all your contributions; I wasn't aware of the last two until 30 minutes ago, and I will have to spend some time on the last one to fully understand it.

In an earlier response I said that I was using the .htaccess file and denying access to IP addresses from there, however, I was quite surprised on 3 occasions to see the IP address appear in the daily access logs even though they were on the banned list.

This is a sample of my .htaccess file:

AddHandler x-mapp-php5 .php
# Block Java/1.0
SetEnvIfNoCase User-Agent "Java/1.0" keep_out
<Limit GET POST>
order allow,deny
allow from all
deny from env=keep_out
</Limit>
<IfModule mod_speling.c>
CheckSpelling On
</IfModule>
# block proxy servers from site access
RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]
order allow,deny
deny from 46.20.XX6.1X4
ETC
allow from all

Does that appear to be OK and up to date?

Any idea how the bot gets access when banned?

Thanks

Phil
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP