Crawling Across Chaos and Time Without End
This post is really a revisit and clarification of an earlier one here and shows some of the things I do to keep the spammy bastards at bay as there is no “one fix for everything” solution.
Use of SABRE
What I’ve found, when using the excellent Sabre WordPress plugin, is that there are a heap of “usual suspects” that circle round and round a few IP addresses. Usually I’ll get supposedly real e-mail addresses from places like:
komatoz.net
gawab.com
yandex.ru
mail.ru
inbox.ru
…and previously I had them locked out by name – but that doesn’t work as they’re spoofed.

Use of the .htaccess File
I’ve also made use of the .htaccess file in the website roots to block these names and a wodge of IP addresses. It’s become obvious that the differences between the SABRE logs of each website were due to differences between the .htaccess settings (I’d missed off a couple of IPs between files) so now the blocked list is as follows:
This has been applied to all my sites so there should be some consistency between the residual IP addresses getting past the file. If you don’t know how to do this, ask me or look it up on the net like I did. I’ve also left some links at the bottom.

If you are using WordPress, they advise you to set up an .htaccess file anyway to manage the permalink structure. All you need to do is open .htaccess and paste the list after the WordPress additions. The # (hash) starts a line comment (remming the line out).

The .htaccess file is an immensely powerful tool. It’s a huge Apache thing. What I’m doing above is, first, to stop folders that don’t have an “index” file from being listed, which stops unwanted folder trawling; then I block any requests from the list of IP addresses. The list is empirically derived, so if you know people with Russian email addresses you’ll have to modify it; it is set up for my blockings only!
The use of .htaccess in this way takes the load away from WordPress so that it never even gets to do any filtering! Make sure that you block write access to the file afterwards! Same goes for your robots.txt file and various folders….

Use of Akismet
As well as this lot, I also use Akismet, which most folk use anyway as it’s part of the default WordPress install. Anything that consistently gets through can be added to the .htaccess file along with the odd spurious SABRE detections.

I started all this when I was hacked (or more correctly cracked – I hate the way the usage has been hi-jacked on this..) by some Turkish activists. I learnt the hard way! :-( See my earlier post here.
© 2007-2010 Strangely Perfect All Rights Reserved
Since this post I’ve been twiddling with htaccess again using stuff mainly from Josiah Cole which is very useful.
As a test, I’ve also removed all the deny IP addresses just to see which ones are actually hitting me now….
Watch this space :-)
Following on from the above, I’ve only got 11 IP addresses blocked now and this has blocked all user registration spam for SABRE for the past week or so. I think the bad guys move about a bit!
One thing new has started and I’ve alluded to it elsewhere… I’m getting weird hits from a Latvian outfit that seems to be a hosting company, eclub.lv See …permalink-structure-change
So they’ve been completely blocked with htaccess because they’re mucking up my stats. Sod them.
I removed all blocked IP addresses from the .htaccess file about a month ago. Since then, I’ve not been troubled.
I think the newer incarnation, plus Akismet, plus Tan Tan Noodles mops up everything and I still allow people to freely comment!
This is my current recommendation to block the various spam types from my WordPress blogs.
Just wondering… You have the list as allow,deny and then list the IP addresses to ban. Everything looks good but then you give the allow from all directive AFTER listing the banned IPs… Shouldn’t you have
order allow,deny
allow from all
deny from 24.1.39.117
deny from 38.99.101.151 and so on…
You quoted that the Apache server does 3 swipes at the file but that seems inefficient… I figured allow,deny would tell it to allow all but deny the following, or reversed it would see order block and deny everybody but then allow the specifically mentioned… In the case you’ve shown I would have assumed that since allow from all is listed after the deny list, you would be inadvertently allowing all of those in which you previously denied…
@blog4booty
I hardly use this aspect of .htaccess anymore. I only use it when someone is persistently pinging! I’ll block them for a few weeks and then take the entries out to keep the file size down. The 3 swipes thing is from the manual.
For the order, the only thing that matters is the “order allow,deny” – how they appear in the list is irrelevant.
What happens is that it sees “order”, then sees “allow”.
Then it scootles down the file and will allow everything it sees on a line beginning with “allow from …”
When it reaches the bottom, it flies back to the top and THEN does each line as it scootles down that starts with “deny from…”, denying each IP/domain you’ve included.
The order that the various IP addresses or domains are in is not important. JUST the way the “order allow,deny” is at the top. For instance, this is valid:
This will only allow good1.com. Everything else is redundant. This is why you use “from all” to ensure that you get access, otherwise you’ve blocked yourself!
So:
..is better. First it enacts all the “allows” – which is “from all”. Then it does all the “deny”’s. It blocks two domains.
Now compare to the one below….
First it “deny”’s the two bad domains and then it undoes these two deny actions by “allow”-ing “from all”!!! This means that the floodgates are now open!
The only reason to separate the “deny from..” and “allow from..” entries is for ease of reading!
The normal usage of this part of .htaccess for a webmaster is to block dodgy sites. It can be used to just allow a few IP addresses through – say if you have an almost completely locked down intranet and you want to allow a few homeworkers access. In this case, you “deny from all” THEN “allow from..” the various IP addresses external to your network.
The Apache help file is extensive, but IMHO, extremely hard to wade through. Most of my info is pulled straight from other websites that just examine a few aspects of the usage of .htaccess. Links are in the posting.
Hope this helps!
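The Order / Allow / Deny evaluation discussed in the comments above, as an added example that is not part of the original post or comments: a small Python model of the Apache 2.2 rules, run over constructed .htaccess fragments. It assumes the documented 2.2 behaviour (allow,deny: default deny, a Deny match wins; deny,allow: default allow, an Allow match wins); the addresses are documentation-range placeholders, good1.com is the name used in the thread, and the host argument stands in for Apache's reverse-DNS lookup.

```python
import ipaddress

def _matches(spec, ip, host):
    """Does one 'from' specifier cover this client? (IPv4 only in this sketch.)"""
    spec = spec.lower()
    if spec == "all":
        return True
    if "/" in spec:                                   # CIDR block
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    if spec.replace(".", "").isdigit():               # full or partial dotted address
        spec = spec.rstrip(".")
        return ip == spec or ip.startswith(spec + ".")
    name = spec.lstrip(".")                           # domain: match on whole labels
    return host is not None and (host == name or host.endswith("." + name))

def parse(text):
    order, rules = "deny,allow", []                   # Apache 2.2 default Order
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):     # blank line or comment
            continue
        key = words[0].lower()
        if key == "order" and len(words) == 2:
            order = words[1].lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            rules.append((key, words[2:]))
    return order, rules

def is_allowed(text, ip, host=None):
    """host stands in for the reverse-DNS name Apache would look up itself."""
    order, rules = parse(text)
    hit = {"allow": False, "deny": False}
    for kind, specs in rules:                         # line position plays no part
        if any(_matches(s, ip, host) for s in specs):
            hit[kind] = True
    if order == "allow,deny":                         # default deny, Deny match wins
        return hit["allow"] and not hit["deny"]
    if order == "deny,allow":                         # default allow, Allow match wins
        return hit["allow"] or not hit["deny"]
    raise ValueError("unsupported Order: " + order)

# Constructed sample files; addresses are from the documentation ranges.
BLOCKLIST = "order allow,deny\ndeny from 192.0.2.10\ndeny from 198.51.100.0/24\nallow from all\n"
REORDERED = "order allow,deny\nallow from all\ndeny from 198.51.100.0/24\ndeny from 192.0.2.10\n"
FLOODGATES = BLOCKLIST.replace("order allow,deny", "order deny,allow")
ONLY_GOOD1 = "order allow,deny\nallow from good1.com\n"
HOMEWORKERS = "order deny,allow\ndeny from all\nallow from 203.0.113.7\n"

if __name__ == "__main__":
    for name, cfg in [("blocklist", BLOCKLIST), ("reordered", REORDERED), ("floodgates", FLOODGATES)]:
        print(name, {ip: is_allowed(cfg, ip) for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5")})
```

BLOCKLIST and REORDERED give identical answers, while FLOODGATES lets the two "denied" clients back in because only the Order line changed.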