can’t block an IP….please help!!!
-
I have added the following to my htaccess file to block a certain IP address that is spamming my site and running up my bandwidth…
order allow,deny
deny from 72.36.244.195
allow from all
this has and is working for other IP addresses, but for some reason that IP address won’t stop, it is getting through somehow… it leaves a referer of https://mykahil.com:80/guestbook/? and is trying to go to the same page over and over again… this page does not exist and all you’ll get is my 404 error page…
How can I block this IP?
Thank you,
Kahil
-
No, it would not use up bandwidth. If anything it would use less bandwidth, because WordPress would not be displayed for banned users.
And the page loading time would be so tiny, that you could not accurately measure it in milliseconds. It might make the page load 0.00001% slower, but that is a rough estimate.
Still Aleister, can you provide me with other sources? No matter which method I choose to do, I will do my own research on it before I even consider implementing it whatsoever. I won’t do something to my site unless and until I learn and understand it.
I do have a large list of IPs to block…
I just want to make it so that the only places on my space that people can get to is my site, no other files and folders. Is there a way to do that for image files as well? Where it will load when you visit the site, but prevent a download? I don’t think that is possible, I have watermarks so I’m not too worried… just have had problems with people stealing some original image files I’ve made and even pics of me that they use to say they are me. I know, they’re nuts cause who would want to use pics of me for that? lol…
anyway, Aleister, if you can point me in the right direction for sources on your method I would greatly appreciate it…
Thank you,
Kahil
Aleister, I’ve no need to get into a pissing match over what you suggested. IF someone had NEITHER mod_access NOR mod_rewrite, it would be a viable solution.
That said, blocking IPs before they hit your page, (yes, if the php loads, it’s hit, kahil) is the more preferred method. In other words via Apache and mod_rewrite.
If you disagree you’re just being stubborn.
—–
Image files, kahil, fixed with mod_rewrite.
I’ll check back later.
ok, thanks whooami…
what do i need to do?
Thank you,
Kahil
Folks,
Aleister’s method is perfectly legitimate and used on many websites. In short, I wouldn’t sweat over the “cost” differences between using PHP and using .htaccess, unless you’re expecting to get hit thousands of times per day. I have used this method a number of times:
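<?php
// Addresses to turn away (example values).
$blocks = array(
    '1.2.3.4',
    '2.3.4.5',
    '3.4.5.6',
    '4.5.6.7',
);
// REMOTE_ADDR is the address of the connecting client as the web server sees it.
if (in_array($_SERVER['REMOTE_ADDR'], $blocks)) {
    // Redirect the banned client elsewhere and stop before the rest of the page runs.
    header("Location: http://www.shibe.com/end/index.html");
    exit();
}
?>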
Of course, change the actual location to suit your own sense of humour.
ok,
pizdin_dim, I still would like to see some sort of source on this where I can research this… what is this method called? Do you know of a link for it? What is that location part for? Does it have to be that? Is that link meant for this purpose or is it on someone’s own server and space? I don’t like the idea of using someone else’s resources to free up mine for my problems if that is what it does… that just wouldn’t be right…
Thank you,
Kahil
Try this for starters:
https://www.google.com/search?hl=en&q=blocking+ip+addresses+with+php
yeah, i’ve done this search before and found nothing from a reliable, credible source…
most of them lead you to forums, sites that do not explain anything or just don’t lead you to that topic…
after viewing what was posted on some of those forums, they are inconsistent in this…
I don’t agree with your judgement of a “reliable, credible source”. As far as I’m concerned, you should spend more time researching.
If you don’t find any of those links can be trusted, perhaps you should read a few books instead? PHP, Apache, MySQL, Linux and Security are good topics to start with.
Assuming you trust the authors, of course.
pizdin_dim,
there is no need for an attitude here. When the different sites do not show the method done the same ways or do not explain it, then how can those sources be considered credible? For site security issues I need something more reliable than cutting and pasting all the different ways people are doing this in hopes that one of them will work. I’m sorry, but the “Tommy Boy” method just doesn’t work with site security. By “Tommy Boy” I am referring to the following line from the movie:
“You can get a good look at a t-bone by sticking your head up a bull’s ass, but wouldn’t you rather take the butcher’s word for it?”
That’s funny: I chucked some helpful tips in your general direction and all you caught is some attitude.
Perhaps you should read what I said again. This time without prejudice. I stand by what I said about both, the researching and the books: read as much as possible and compare the different methodologies. If you don’t have the time right now, then just implement what was suggested above until you come up with a “better” way.
Cheers.
lol… like I said, I have researched and done that search before and found nothing reliable or consistent…
also, its not what you say sometimes, its how you say it…
moving on…
ok, so anyway..
Just to be clear, pizdin_dim, and I’m only replying to this because it bothered me as I was driving home from work.
“Aleister’s method is perfectly legitimate and used on many websites”
Please don’t put words in my mouth.
I never said it was not legitimate. I said that it’s not the best solution. That it happens to be used doesn’t make it the best solution. (Lots of servers run IIS, it’s not the best solution)
Like I said, given an option where I did not have mod_access or mod_rewrite I might look at something like it.
Moving on ..
kahil, for starters.
mod_rewrite for Apache Server:
https://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
It’s what wp is using for your permalinks. If permalinks work then you have it available to use.
—
Your .htaccess looks something like this:
<IfModule mod_rewrite.c>
RewriteEngine On
more stuff
more stuff
more stuff
more stuff
more stuff
</IfModule>
Under that last line, </IfModule>, you can do this (using example IPs from your earlier .htaccess):
RewriteCond %{REMOTE_ADDR} =125.240.113.194 [OR]
RewriteCond %{REMOTE_ADDR} =217.39.10.127 [OR]
RewriteCond %{REMOTE_ADDR} =200.250.100.131 [OR]
RewriteCond %{REMOTE_ADDR} =212.248.245.241 [OR]
RewriteCond %{REMOTE_ADDR} =195.248.102.88
RewriteRule .* - [F]
The [OR] means “or”:
this IP OR that IP. Notice the last line doesn’t have an [OR] since it’s the last line.
The [F] tells it to send a 403 Forbidden to the client, no matter what part of your site is hit, real live wordpress or non-existent guestbook, it doesn’t matter.
You can handle your bot bans using mod_rewrite also, and you can deter/stop hotlinkers with mod_rewrite.
In my above snippet you prolly noticed I omitted the <IfModule mod_rewrite.c> and </IfModule>. Don’t worry, you don’t need to re-add that.
I will be happy to work out the regular expressions you’ll need to use to ban those bots but it’s not something I want to do right this second OR here in this thread.
Drop me an email at blahblah at village – idiot dot org, and I will gladly help with that other stuff via email.
If you need more help with what I explained above, feel free to ask here (it’s your thread) or email me, I don’t mind.
I can also give you a few good tricks that will beef up your site’s security a smidge too.
Take care and I hope this helps,
whoo
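An added example, not part of the original thread: a small Python helper that generates the RewriteCond/RewriteRule block described in the post above from a list of addresses, and models how the [OR] flags combine, so a long ban list can be checked before it goes into .htaccess. The function names and the sample list are assumptions for illustration; the sample reuses the addresses from the post.

```python
import ipaddress

# Constructed input: the five addresses from the post, plus a duplicate and a comment line.
SAMPLE = """\
# guestbook spammers
125.240.113.194
217.39.10.127
200.250.100.131
212.248.245.241
217.39.10.127
195.248.102.88
""".splitlines()

def build_ban_block(addresses):
    """Return .htaccess lines that answer 403 Forbidden to each listed IPv4 address."""
    ips = []
    for raw in addresses:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        ip = ipaddress.IPv4Address(text)  # ValueError on a mistyped address
        if ip not in ips:                 # drop duplicates, keep first-seen order
            ips.append(ip)
    lines = []
    for i, ip in enumerate(ips):
        flag = " [OR]" if i < len(ips) - 1 else ""  # no [OR] on the last condition
        lines.append("RewriteCond %{REMOTE_ADDR} =" + str(ip) + flag)
    if lines:
        lines.append("RewriteRule .* - [F]")
    return lines

def would_forbid(lines, remote_addr):
    """Model the condition chain: [OR]-linked conditions form a group, groups are ANDed."""
    groups, current = [], []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[0] != "RewriteCond":
            continue
        current.append(parts[2] == "=" + remote_addr)
        if "[OR]" not in parts[3:]:
            groups.append(current)
            current = []
    if current:
        groups.append(current)
    return bool(groups) and all(any(group) for group in groups)

if __name__ == "__main__":
    block = build_ban_block(SAMPLE)
    print("\n".join(block))
    print(would_forbid(block, "217.39.10.127"))
```

Deleting a single [OR] from the middle of the generated list makes would_forbid return False for every address, which is the failure to look for when a hand-edited list stops blocking.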
There’s no need for attitude here, you say. You’ve been given plenty of advice, most of it decent, and you continue to carp.
If you don’t like what you’re reading, oh well.
I think the PHP deny method is a kludge. They’re all kludges unless access is blocked at the host level.
That way, your site never gets to see any of the stuff you are currently seeing, and you say your host won’t do that.
What does that tell you?
It’d tell me, screw you, let me dump my sql and I’ll go find a host that actually has a clue. There are plenty out there.
You’re just head-butting a brick-wall otherwise.
IIIIIIIV, getting ANY normal host to do an IP ban or netblock ban isn’t going to come easy.
I had a T1 to my house for 3 years, had authoritative control of 30 ips. One saturday night while I slept my server was dos’d for 9 hours. I woke up to virtual spools of syslog and ipchains logs and other than those logs, an unresponsive server.
One call to my upstream provider and the problem was taken care of within minutes. I was not, however, spending 5-10-15-25-50 bucks on hosting. I was spending “real” money.
That is not to say that there might not be a host somewhere that doesn’t try to accommodate those sorts of requests, just that they are few and far in-between.
An application level solution is not a bad one, if done correctly, and you actually reinforce what I was trying to explain earlier. The higher you go up the chain the better. Banning ips at the wordpress/PHP level is about as useful as leaving your front door unlocked and then locking yourself in your bedroom while the thieves clean out your family room.
At least at the Apache level, you’re keeping them from achieving their goal, getting into webstats, awstats, shortstats, googlestats, etc…