Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Blocking IP ranges


  • Please log in to reply

#1
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hi reader/s

I've noticed that my website gets visits from sites in Russia, China and Panama. They all appear to be trying to access the ADMIN part of the site rather than the usual stuff people view.

Is there a way of blocking these unwanted visitors via code somewhere on the site?

Thanks
  • 0

Advertisements


#2
AstraNut

AstraNut

    Member

  • Member
  • PipPipPip
  • 465 posts
Most of those 'Bots do not obey the "rules". You can try going into your Control Panel and setting up blocks for their IPs and hope it works. All Control Panels have this Utility which will write the code for the .htaccess files. Another thing to try is the robots.txt file for your site. As said though, many of those 'Bots will totally ignore these exclusion rules.
  • 0

#3
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Topic Starter
  • Retired Staff
  • 15,131 posts
Hmmm! Things are not looking too good on this forum, my signature appears to have been compromised.

My host doesn't have any simple control panel switches to play with, so I just added their IP addresses to the .htaccess file; I am hoping it works.
  • 0

#4
AstraNut

AstraNut

    Member

  • Member
  • PipPipPip
  • 465 posts
For those who have a Control Panel like cPanel, the IP Blocking utility does just what you did directly by writing to the .htaccess file. GeekstoGo had some problems and this is suppose to be new software they are using. Don't like it myself as they have messed up my email filters making useless.
  • 0

#5
Johanna

Johanna

    The Leather Lady

  • Moderator
  • 3,038 posts
Change the name of the admin folder. That will slow them down.
~J
  • 0

#6
amw_drizz

amw_drizz

    Member

  • Member
  • PipPipPip
  • 329 posts
Another thing you can do if you have any grasp of coding with web languages (php, asp, javascript, etc) then you could do a simple check when they access the admin page. Like the following

Pseudo code (assuming php is used), Also assuming IP block range is 141.20.0.0 to 141.20.255.254

1) User loads admin page (IP Sent automatically to webserver)
2) PHP in index.php/admin.php inside of the admin page executes
3) Gathers current users IP address from web server
4) Depending on broadness from block table in a database, flat file, or hard coded; preform the following test on the ip

4a) Extract the Users IP address in to an array with each block its own array (example ip is 141.20.154.90)
Meaning Array [0] = 141 : Array[1] = 20 : Array[2] = 154 : Array[3] = 90

4b) using first segment (Array [0]) match to first segment IP segment in block list (If using multiple IP address loop through) IF Match continue to 4c Else show the page

4c) Continue process with other IP segments, Repeat and match while looping through if multiple IP Address IF Match repeat 4c Else If black list IP Segment is 0 proceed to step 5 Else Show the page .

5) User IP matches an IP in our black list. At this time you can do a few things depending on how you want it handled. You could cause an HTTP Error 404 Page Not Found, Redirect to your site or another site, or show the infamous white page of death.

HTH, and that you where able to follow along.
  • 0

#7
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Topic Starter
  • Retired Staff
  • 15,131 posts
Thanks for all your contributions; I wasn't aware of the last two until 30 minutes ago, and I will have to spend some time on the last one to fully understand it.

In an earlier response I said that I was using the .htaccess file and denying access to IP addresses from there, however, I was quite surprised on 3 occasions to see the IP address appear in the daily access logs even though they were on the banned list.

This is a sample of my .htaccess file:

AddHandler x-mapp-php5 .php
# Block Java/1.0
SetEnvIfNoCase User-Agent "Java/1.0" keep_out
<Limit GET POST>
order allow,deny
allow from all
deny from env=keep_out
</Limit>
<IfModule mod_speling.c>
CheckSpelling On
</IfModule>
# block proxy servers from site access
RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]
order allow,deny
deny from 46.20.XX6.1X4
ETC
allow from all

Does that appear to be OK and up to date?

Any idea how the bot gets access when banned?

Thanks

Phil
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP