htaccess blocking IP's

[keat63]

One of my sites is on a hosted cpanel, where I have no access to root, I don't have CSF etc etc.

It has a CGI script that allows for a user to leave a comment, however, it seems that I'm under some sort of bot attack.

I thought that I'd get clever by renaming the CGI file and updating any calls for this file.
This worked in the respect that the bots are no longer making updates to the comments.
However, they are still hitting the site.

Rather than trying to add each and every subnet which comes, I'd like to try and block all IP's which call for the old CGI file.

Is this possible with .HTACCESS ??

 

[Infopro]

Sure, find the icon in your cPanel called "IP Blocker".

 

[keat63]

Doesn't IP blocker require me to insert these IP's manually, which is what I'm trying to avoid.
Also, this affects every subdomain on the Cpanel, which appears to have a detrimental affect with some of the -Ecommerce sites.

I did find this which I'm just toying with.

<files myfile.txt>
order allow,deny
deny from all
</files>

 

[keat63]

And that didn't work, I still see them in the visitors log.

 

[Infopro]

I'm a bit confused I guess. There is no automated way that I know of to block IP addresses you don't want visiting your site. When you add an IP there as mentioned, its added to the htaccess that you asked about.

Yes, if you block an IP using the "IP Blocker" it should block all access to the account. Blocking an IP on one part of your site, but not another to avoid any detrimental affects makes no sense to me.

 

[keat63]

The cpanel account is split in to subdomains.
A few of the sites on these subdomains have cubecart which uses some sort of htaccess rewrite rule for SEO purposes.

The moment you start messing with IP Blocker, it does something to the htaccess file across all subdomains, which breaks the cubecart sites.

I want to just modify the htaccess file on one particular subdomain, without affecting any of the others.

 

[deadlock]

<files myfile.txt>
order allow,deny
deny from all
</files>

This does what you want it to do. The visits will still show in the access-logs (if that's what you mean) but if you take a closer look you will see they are "404" entries. The page will show as "Forbidden" (you can see that for yourself). The botter will eventually notice this and stop the requests.

 

[keat63]

Its Apache 2.4 and seems needs a little different approach.

I added:

<RequireAll>
Require all granted
Require not ip xxx.xx.xx (a short list of class c's)
</RequireAll>
<files myfile.txt>
order allow,deny
deny from all
</files>

hopefully, they will go away.