How to ban by domain name

panit

Active Member
Aug 14, 2013
35
1
58
cPanel Access Level
Reseller Owner
The site of one of my hosting members is getting bombarded by a particular domain name. A typical access log entry is
server.domain.net - - [13/Aug/2013:21:07:14 -0400] "GET /ext/jquery/bxGallery/jquery.bxGallery.1.1.min.js HTTP/1.1" 200 4107 "http://www.domain_name_hidden.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)"
The log shows about 60,000 - 80,000 hits per day so I would really like to stop that. I've tried adding deny from .server.domain.net and deny from .domain.net to the .htaccess file but it didn't make any difference, perhaps because the domain name does not resolve. I tried looking up its IP's and blocking those but I must not have gotten them all since it didn't make any difference. I tried adding some code on the site that checks the user agent and remote address entries in $_SERVER but if didn't catch any. Is there any way to stop this domain name from accessing the server?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

I recommend installing a third-party firewall such as CSF:

ConfigServer Security & Firewall

While you will not be able to block a hostname directly, it's a better method of blocking specific IP addresses compared to using a .htaccess file.

Thank you.
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Hello,

Yes, Check the access logs and block the IP if you found many hits from single IP OR any IP range. Also I will suggest you try (D)DoS Deflate on your server (D)DoS Deflate - deflate.medialayer.com
 

panit

Active Member
Aug 14, 2013
35
1
58
cPanel Access Level
Reseller Owner
Thanks for the suggestions. Unfortunately, I can't find its IP, or at least all of them. My host applied a mod security change and I blocked more IP's I ran across so the accesses are down to around 25,000/day. Still not good but much better than what it was.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
The site of one of my hosting members is getting bombarded by a particular domain name. A typical access log entry isThe log shows about 60,000 - 80,000 hits per day so I would really like to stop that. I've tried adding deny from .server.domain.net and deny from .domain.net to the .htaccess file but it didn't make any difference, perhaps because the domain name does not resolve. I tried looking up its IP's and blocking those but I must not have gotten them all since it didn't make any difference. I tried adding some code on the site that checks the user agent and remote address entries in $_SERVER but if didn't catch any. Is there any way to stop this domain name from accessing the server?

Seems that HostnameLookups directive is On in Apache config.
That is not recommended.
If HostnameLookups is set to On, then the server will try to determine the hostname and log it in place of the IP address.
Log Files - Apache HTTP Server

In this case it's a very bad idea, because obviously those IP addresses where the connections are coming from (reverse)resolve to the hostname server.domain.net , but server.domain.net does not resolve to any IP address(es).

You must ask your hosting provider to turn HostnameLookups Off, so that you can see the IP addresses instead of the hostname.
 

harmeet

Member
Apr 18, 2013
6
0
1
cPanel Access Level
Root Administrator
Hi,

You can use netstat and iptraf utility to check how many in coming connections are being made to the server, If any IP looks suspicious you can block it !

Thanks !