can’t block an IP….please help!!!

Mine does, and has done every time I’ve asked. Every time some idiot runs bots, open procxies or other crap and slams my site, my host has nuked it at the host level.

Reading other webmastering/hosting forums out there, it seems to be a fairly common thing granted if requested.

Doing it any other way, .htaccess or PHP or whatever, still means they get to you regardless, using up server time, log space, warp stats, etc, etc.

Just saying.

you find me a US based host willing to do that, one that advertises that they do exactly that, and even I would be happy to look at a switch, and Im hosted with a friend ??

Funny that you mention proxies, how does any host handle the deluge of open proxies coming from .my and .br and .mx .. they cant possibly, short of netblock bans. Which literally no host will undertake since they run the risk of banning customers.

To that end, I block all of Brazil. I have a script that generates complete ip ranges, I take those ranges, do the CIDR lists and Im good to go.

Anyway, your point is well taken but Im skeptical all the same. Off to bed, im whooped.

I did not realize this would get into such a big argument ??

I do use both methods myself, depending on the situation.

I was just going off the fact that his host said “Unfortunately, you will not be able to block IP addresses at the server level. We apologize for any inconvenience that this may cause you”

If you really want to save a few CPU cycles you can just disable the use of .htaccess all together and add all your directives right into the http.conf file ?? That way the server does not have to check each directory for rules everytime any file is accessed. This can be a bother though.

“”Unfortunately, you will not be able to block IP addresses at the server level. We apologize for any inconvenience that this may cause you”

Its a common refrain, but if they’re referring to Apache server level and not “box” level server, it’s also a moot point. In other words, its called tier one support doing and knowing what they do/know best, pretty much nothing. They dont even know the capabilities of what they do have installed.

Whooami: I’m not putting anything in your mouth. The person who asked for advice got it from a number of sources. One of those sources suggested the PHP check. While not the “ideal” solution in a purist sense, it will certainly work.

Kahil: You asked for advice. You got it from a number of people who are all volunteers. While it may be difficult for you to implement any of these tips and workarounds without verifying it for reliability and consistancy the fact remains that people put in their own time to offer you advice. You then asking for proof could seem a little arrogant, considering it’s you who asked for help.

No hard feelings though.

pizdin_dim:

hahaha…

(A) yes, I did ask for help, but I didn’t ask for you to be combative with the other advice others have given.

(2) by your own admission your solution is not the “ideal” way to do this, so why argue with whooami about the better solution given?

(D) arrogant? it isn’t arrogant when asking for help you also ask for proof or some kind of source, its called careful. what good would doing something like this be if I can’t or won’t understand it? You learn less by cutting and pasting than you can from reading, learning and understand how and why things work. The goal of us all is to not have to come here all the time for help right?

whooami: I’ll give it a go and let everyone know how it works…

Thank you everyone,
Kahil

Want to stop this from happening again? Make your site referrer unfriendly. If you link to all the latest referrers, that’s just ASKING for spam.

Sorry, but it’s true.

i don’t link to the referers that are doing this. in fact, most of these attackers don’t leave referers…

making your site referer unfriendly does absolutely nothing except make your site referer unfriendly. Spammers, of ALL kinds, operate on the law of averages. They hit 1,000,000 sites a day, a certain percentage of those site owners wont notice or wont care, etc… Its merely a matter of hitting the most sites — there is no such thing as targeted spamming.

Thats called a DOS, and is an entirely different animal.

well… so far so good!!! I’ll give another update later in the day too!!

Thank you whooami!!

This will be my last post in this thread because I am loosing interest, but in response to your request for ‘proof’ or ‘references’ for my method, It is very simple PHP code. Even if you do not know PHP you could easily look up the documentation on the _single_ PHP function that is used in it.

You might as well ask for proof and references for ‘echo’ before you trust using it to output a line of text.

This will be my last post on this too, before the thread defeats it’s own purpose.

Kahil:

When you come to someone asking for their advice on something which you’re not an expert, and you then question that advice by asking it to be substantiated by some means you alone consider to be authorative, then as far as I’m concerned you’re showing disrespect. You on the other hand, consider that being “careful”.

I would argue therefore that it’s your own attitute which got you a response you didn’t like the “tone” of.

I did not argue with whooami about which was the “better” solution. I stated that the PHP check is legitimate. And it is. I have used it a number of times, as have many other developers. And I continue to use it when the circumstances require it. Why? Because it works.

oh for crying out loud…

go back and read what I said… I asked kindly for a supplementrary source for what Aleister posted. Why? not to be disrespectful to anyone, rather to do exactly what I stated…to be able to learn and understand exactly what and how the code does what it does. by just copying and pasting what was posted into my .htaccess file I, or anyone else for that matter, learns absolutley nothing.

When it comes to site security, asking for an outside source is very reasonable. When given a google search link that leads you to several unrelated sites and sites which state various different versions of it then how can they be considered knowledgable sources? Are you going to play the trial and error game all day until you find the one that is correct? Are you going to take the risk of using harmful code? Of course not.

Thank you whooami, I think its working!!!

You can use my Referrer Bouncer plugin to block the exact referrer string. That way you don’t have to bother with blocking one or more IP’s.

Let me know how it goes on my blog.

whooami,

is there a way that I can just block a specific URI on my site? like… /guestbook/ ?… cause yeah, the ip address thing is working, but i am still getting this problem and each day i add more and more IP addresses.

Thank you for your help,
Kahil