How to ban by domain name

[panit]

The site of one of my hosting members is getting bombarded by a particular domain name. A typical access log entry is

server.domain.net - - [13/Aug/2013:21:07:14 -0400] "GET /ext/jquery/bxGallery/jquery.bxGallery.1.1.min.js HTTP/1.1" 200 4107 "http://www.domain_name_hidden.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)"

The log shows about 60,000 - 80,000 hits per day so I would really like to stop that. I've tried adding deny from .server.domain.net and deny from .domain.net to the .htaccess file but it didn't make any difference, perhaps because the domain name does not resolve. I tried looking up its IP's and blocking those but I must not have gotten them all since it didn't make any difference. I tried adding some code on the site that checks the user agent and remote address entries in $_SERVER but if didn't catch any. Is there any way to stop this domain name from accessing the server?

 

[cPanelMichael]

Hello

I recommend installing a third-party firewall such as CSF:

ConfigServer Security & Firewall

While you will not be able to block a hostname directly, it's a better method of blocking specific IP addresses compared to using a .htaccess file.

Thank you.

 

[panit]

Thanks for the suggestion. CSF is already installed.

 

[cPanelMichael]

Thanks for the suggestion. CSF is already installed.

I recommend blocking the IP addresses directly through CSF.

Thank you.

 

[24x7server]

Hello,

Yes, Check the access logs and block the IP if you found many hits from single IP OR any IP range. Also I will suggest you try (D)DoS Deflate on your server (D)DoS Deflate - deflate.medialayer.com

 

[panit]

Thanks for the suggestions. Unfortunately, I can't find its IP, or at least all of them. My host applied a mod security change and I blocked more IP's I ran across so the accesses are down to around 25,000/day. Still not good but much better than what it was.

 

[quietFinn]

The site of one of my hosting members is getting bombarded by a particular domain name. A typical access log entry isThe log shows about 60,000 - 80,000 hits per day so I would really like to stop that. I've tried adding deny from .server.domain.net and deny from .domain.net to the .htaccess file but it didn't make any difference, perhaps because the domain name does not resolve. I tried looking up its IP's and blocking those but I must not have gotten them all since it didn't make any difference. I tried adding some code on the site that checks the user agent and remote address entries in $_SERVER but if didn't catch any. Is there any way to stop this domain name from accessing the server?

Seems that HostnameLookups directive is On in Apache config.
That is not recommended.

If HostnameLookups is set to On, then the server will try to determine the hostname and log it in place of the IP address.

Log Files - Apache HTTP Server

In this case it's a very bad idea, because obviously those IP addresses where the connections are coming from (reverse)resolve to the hostname server.domain.net , but server.domain.net does not resolve to any IP address(es).

You must ask your hosting provider to turn HostnameLookups Off, so that you can see the IP addresses instead of the hostname.

 

[harmeet]

Hi,

You can use netstat and iptraf utility to check how many in coming connections are being made to the server, If any IP looks suspicious you can block it !

Thanks !