I know that there are alot of you out there who are having trouble with banned members/spambots that still try to visit your site and create LOTS of error logs. It gets annoying, I know.
This simple Tip will help get rid of that... :P
What this will do is modify your .htaccess file, adding a banned IP address to that. This way, when a banned member/spambot tries to reach your site, instead of getting the login screen, they will get a "403 - Forbidden" Error. (What Is A "403 - Forbidden" Error? (http://www.checkupdown.com/status/E403.html))
Well, here it is :P
.htaccess
order deny,allow
deny from xx.xx.xx.xxx
allow from all
order deny,allow
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
allow from all
Change "xx.xx.xx.xxx" to the IP address you want to ban
Any questions, feel free to ask! :P
EDIT: I will try to make a script/MOD that can modify the .htaccess from the Admin panel. If anyone out there would like to help me, I would be grateful :P
Bump?
Wanting this moved to Tips and Tricks (http://www.simplemachines.org/community/index.php?board=72.0), are we? :P
Yessir :P :P :P
Though you didn't say please...
Moved
:P
Pretty please with sugar on top, may you move this to Tip and Tricks? ;D
By the way Nas, is there any way I can use php to modify the htaccess file?
I want to turn this into a MOD with admin panel options. I just need to know how to modify htaccess. I can do the rest :P :P
Not sure if it works on htaccess, but have a look at this:
http://www.php.net/manual/en/ref.filesystem.php
Open the file, write to it, close.
Thanks bro. I'll get to work right now. Hopefully have it submitted by tomorrow :P :P
Great info here.
It makes me wonder if it is possible to make your own "403 - Forbidden Error" page that people will see as well or is it strictly server side?
I'm figuring that since it denies passageway to your own site, you wouldn't be able to make one yourself though since the person's IP is banned from browsing. Maybe I just answered my own question there. LOL But, thought I'd ask!
Is this a mod yet?
Got a beta to test? Please attach it if so.
Quote from: C4G-TK on March 30, 2009, 11:54:59 AM
Great info here.
It makes me wonder if it is possible to make your own "403 - Forbidden Error" page that people will see as well or is it strictly server side?
I'm figuring that since it denies passageway to your own site, you wouldn't be able to make one yourself though since the person's IP is banned from browsing. Maybe I just answered my own question there. LOL But, thought I'd ask!
Create file 403.shtml (or ask your host if they provide error handling)
Add custom HTML
Quote from: aishaweb on March 30, 2009, 12:07:22 PM
Still working on it as we speak. A beta will be release soon. :P
Is this a mod yet?
Got a beta to test? Please attach it if so.
ermm..... this help me a lot :)
nice info and tips .... :)
Quote from: aishaweb on March 30, 2009, 12:07:22 PM
Is this a mod yet?
Got a beta to test? Please attach it if so.
There is no reason why this wouldnt work on an internal system intranet, is there?
While the site is to be intranet based, I'm of no illusions that somebody wouldnt think it funny to have crowing rights over how "insecure" or "setup on the cheap" is!
If this iproject is successfull, we should be able to grab maybe 20k of their budget :D ( cackles with glee)
I see no reason why it shouldn't work on an intranet system.
Sorry to sound like such a noob here, but would someone be so kind enough as to tell the lady how to do this step by step? I'd really appreciate it!
ETA: nevermind, got it. Thanks again!!!!! It's a BIG help!
Great tip, however just to add little bit of sugar :D
For those who's hosts give them CPanel access you can also access the.htaccess file by updating entries in the IP Ban control in the Security control panel area, if you have it.
Advantages for this is that, from my understanding it will alter all the .htaccess files on your site, or sites. Will shut up now in case im wrong :D im used to that
Respect to all
Quote from: TLBSupport on May 06, 2009, 03:46:34 AM
Great tip, however just to add little bit of sugar :D
For those who's hosts give them CPanel access you can also access the.htaccess file by updating entries in the IP Ban control in the Security control panel area, if you have it.
Advantages for this is that, from my understanding it will alter all the .htaccess files on your site, or sites. Will shut up now in case im wrong :D im used to that
Respect to all
As long as you enter it in the root .htaccess, it applies for the whole forum as every action is executed through index.php.
The problem with this is that it could put a lot of load on the apache server. If you have a busy forum, everyone who attempts to view your site will be checked against that list in the .htaccess file.
If you have access to ssh, you could do this instead :
iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
Keep in mind that if your server is rebooted, the ban will no longer be in place. If you want the ban to stick even after a reboot, you must do this :
service iptables save
service iptables restart
Use at your own risk :D
It is important to note that Mayhem's suggestion requires not just SSH access but also root access :). The second code segment will also only work under Redhat and similar distros. Others (Debian, ubuntu etc) will require a different way of saving firewall rules
This is a very old topic and I see it has been approved but it's
terribly wrong.
Let me explain you why:
order deny,allow
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
allow from allIt sets the server:
- in default "allow" mode so that any unrecognized user is automatically allowed.
- it processes bans first and allowed entries after that.
What does it mean? It means that if allow command is processed after the deny one if you write allow from all that allow command *will* overwrite all deny entries so it will unban all users.
For reference:
http://www.simplemachines.org/community/index.php?topic=523720.0 (my first topic about it)
http://www.simplemachines.org/community/index.php?topic=523925.0 (second topic very similar to the first one and somehow used as a part 2 for the 1st one)
Thanks to Lou69 (http://www.simplemachines.org/community/index.php?action=profile;u=248702) I provide also these links: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order and http://httpd.apache.org/docs/current/mod/mod_access_compat.html#allow
Sooo after all the overall correct setting would be (using deny,allow)
order deny,allow
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
Without the allow from all at the end or either use order allow,deny
order allow,deny
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
allow from all
In this case allow from all is necessary because the server default state is set on deny so any unlisted entries would be denied access.
I made a whole guide about this that is correct: http://www.simplemachines.org/community/index.php?topic=524146.0