.htaccess question

[hoyaguru]

My server has been getting bombarded with hack attacks, and I read that including some "deny" commands in an .htaccess file would stop them. So far, it isn't working. Here's what I added:

deny from 202.
deny from 203.
deny from 210.
deny from 211.
deny from 218.
deny from 219.
deny from 220.
deny from 221.
deny from 222.
deny from 61.

I tried the same thing without the "." after the numbers, that didn't work either. I have this in my root directory, home directory, and store directory. What do I have wrong? Anyone know if I need something else in this file, or is there another way to stop these attacks?

 

[Beau]

This should work (did on my server):

 

[hoyaguru]

Thanks, I'll give it a try. Do you know if I need this in each directory, or just in my root directory?

 

[Beau]

Originally posted by: hoyaguru
Thanks, I'll give it a try. Do you know if I need this in each directory, or just in my root directory?

I believe it cascades, but can be overridden in you subdirectories. Not 100% positive though.

 

[hoyaguru]

Well, just got hit again from 211.24.252.197. Back to the drawing board I guess. Anyone know of another way to stop this from happening?

 

[Beau]

You running your own server?
is it hosted?
are you sure you/they support .htaccess files?
that bit of code should have worked just fine, I've tested it on my webserver (apache 2.0 on freebsd) and it worked fine.

 

[hoyaguru]

Originally posted by: Beau
You running your own server?
is it hosted?
are you sure you/they support .htaccess files?
that bit of code should have worked just fine, I've tested it on my webserver (apache 2.0 on freebsd) and it worked fine.

It is at servermatrix.com.

 

[hoyaguru]

I opened a "ticket" at the place that hosts my server and asked them about the .htaccess file:

"According to others I've talked to online, this should work, but I'm still getting slammed. The only thing anyone can think of is that maybe you guys don't support .htaccess. Can someone help me with this? My log files are so full of these hack attacks it's hard to see where my real customers are coming from. If you have a different solution than the .htaccess file I will try that as well."

Their reply was, "Even when using this, you should still see the attempted connections from those IP addresses. Most likely this is working as it should."

Does this sound right? My whole goal in setting this up is to stop these attacks so this stuff is NOT in my logs. I made a copy of my "last 300 visitors", you can see it HERE (it's big, may take a minute with a slow connection). Starting with the 2nd entry, all you can see is /\x90\x02\xb1\x02\xb1\x02\xb1\ etc, and as you go down the page you will see a bunch more. That's what I'm trying to stop. If anyone can help, I'd appreciate it.

 

[Supermercado]

Rather than start my own thread about .htaccess as I almost did last night, does anyone know if there's a way when using the Options Indexes stuff to increase the width of the column that displays the files' names?

Also, thanks for the info, Beau :thumbsup:

Edit: I guess I might as well tack this on here just in case someone sees it... I'm a newb just trying to learn the ropes of hosting and I want to make sure that my stuff is secure. If anyone has any tips, links, whatever, I'd really appreciate it.

 

[Beau]

As far as that info getting into your logs goes, I'm not aware of anything that the standard apache code supports that would prevent an access attempt from getting logged, hell, I don't think I'd even want it. Seems that it would be a major risk considering you'd lose information from what new methods attacks are, instead of this virus you're getting hit with. I can only think of a couple things that you COULD do if you really want this:

1 - Maybe set up a filter in your log reporting tool that would match on a request string and delete it from the results. That way you still get your clean reports, but als still have all your access attempts logged.
2 - You'd probably have to have an apache mod made to allow for log entry blocking.

There could be something out there that already does this, but I'm not aware of it.

 

[CTho9305]

Originally posted by: SuperCommando
Rather than start my own thread about .htaccess as I almost did last night, does anyone know if there's a way when using the Options Indexes stuff to increase the width of the column that displays the files' names?

Also, thanks for the info, Beau :thumbsup:

Edit: I guess I might as well tack this on here just in case someone sees it... I'm a newb just trying to learn the ropes of hosting and I want to make sure that my stuff is secure. If anyone has any tips, links, whatever, I'd really appreciate it.

IndexOptions +NameWidth=80

 

[Beau]

:thumbsup: CTho9305

 

[Supermercado]

CTho9305: Hey, thanks. Sorry, I didn't realize that someone else had replied to the thread. Thanks!