Having trouble banning via .htaccess file

Saturnin · 2008-02-09, 03:54 AM

I get hits every ten minutes from a URL in China (reverse.gdsz.cncnet.net), which keeps trying to log into my members section. I've tried banning via the .htaccess file with both the URL name and the IP address, to no avail, and then gone further up the scale with the IP range (instead of xxx.xxx.xx.xxx, I've gone to xxx.xxx, to no avail either).

Any ideas on how to ban this URL, or maybe cncnet.net completely?

Simon · 2008-02-09, 06:58 AM

Without an example posted from your current htaccess file, it's hard to tell where you might have gone wrong. Here's a link to some pages with information on how to do banning by IP (and range) where you can check your own work. Or post something here that we can look at for you.

http://www.google.com/search?q=htacc...+by+IP+address

.

Saturnin · 2008-02-10, 01:13 PM

Thanks .... here's what I've put in the file so far...

order allow,deny
deny from 124.115.0
deny from 210.21.
deny from 210.22.
deny from cncnet.net
deny from 210.52.149.2
deny from 210.52.207.2
deny from 210.53.31.2
deny from reverse.gdsz.cncnet.net
deny from gdsz.cncnet.net
deny from 220.250.64.22
deny from 210.21.220.6
deny from 220.250.64.19
deny from 220.250.
allow from all

RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]

Simon · 2008-02-10, 05:48 PM

Is the htaccess code above live on your site now?

Where do you have your htaccess file located, and do you have more than one htaccess file?

Are you still getting hit by IPs you don't want to reach your pages?

Saturnin · 2008-02-11, 01:55 AM

That URL is using multiple IPs, and seems to have been changing IP numbers on a quicker basis than were updated in some of the IP trace directories. Just keep running through directories until you get the right combination....

Maj. Stress · 2008-02-11, 02:48 AM

Maybe you could ban by country as mentioned in this post. http://www.greenguysboard.com/board/...81&postcount=3

cd34 · 2008-02-11, 11:16 AM

Two things:

deny from reverse.gdsz.cncnet.net
deny from gdsz.cncnet.net

Having that in your .htaccess is going to cause apache to have to do a reverse dns lookup for each visitor to your web page. If there is no reverse dns, or, an improperly configured DNS entry, or a timeout on the reverse lookup, any surfer hitting the page will take time to resolve that before they are allowed access.

Secondly -- are you saying that those webservers/IPs are the ones hittin your site? or, is it actually a referring site that is sending surfers/bots?

Code:

x.x.x.x - - [11/Feb/2008:06:32:18 -0500] "GET /images/xxxxxxx.jpg HTTP/1.1" 200 9128 "http://www.blahblah.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; SIMBAR={4194A8CC-7C68-11DD-956D-000D6112ED67}; .NET CLR 2.0.50727)"

So, are the entries you're seeing corresponding with the x.x.x.x in the above log line, or "http://www.blahblah.com"

If "http://www.blahblah.com", then you need something like:

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} reverse.gdsz.cncnet.net [NC]
RewriteRule .* - [F,L]

Based on your original post, I'm thinking you're probably wanting to ban hits coming from that referrer rather than the domain.

cd34 · 2008-02-11, 01:23 PM

also, you mention your members section.

Is your members section also protected by an .htaccess file? if so, apache won't read the rules in the .htaccess file above the members directory and you would need to make the same entries in your members .htaccess that contains the auth directives.

Saturnin · 2008-02-13, 01:40 AM

Thanks everybody, it seems to have done the trick... the access file is working again.... (I think it had something to do with identifying the underlying IP, which the URL name was not doing somehow)... but the advice was good, and I'm still going through it all.

2008-02-09, 03:54 AM	#1
Saturnin A woman is like beer. They look good, they smell good, and you'd step over your own mother just to get one! Join Date: Jul 2006 Location: Edge of the Universe Posts: 53	Having trouble banning via .htaccess file I get hits every ten minutes from a URL in China (reverse.gdsz.cncnet.net), which keeps trying to log into my members section. I've tried banning via the .htaccess file with both the URL name and the IP address, to no avail, and then gone further up the scale with the IP range (instead of xxx.xxx.xx.xxx, I've gone to xxx.xxx, to no avail either). Any ideas on how to ban this URL, or maybe cncnet.net completely?

2008-02-09, 06:58 AM	#2
Simon That which does not kill us, will try, try again. Join Date: Aug 2003 Location: Conch Republic Posts: 5,150	Without an example posted from your current htaccess file, it's hard to tell where you might have gone wrong. Here's a link to some pages with information on how to do banning by IP (and range) where you can check your own work. Or post something here that we can look at for you. http://www.google.com/search?q=htacc...+by+IP+address . __________________ "If you're happy and you know it, think again." -- Guru Pitka

2008-02-10, 05:48 PM	#4
Simon That which does not kill us, will try, try again. Join Date: Aug 2003 Location: Conch Republic Posts: 5,150	Is the htaccess code above live on your site now? Where do you have your htaccess file located, and do you have more than one htaccess file? Are you still getting hit by IPs you don't want to reach your pages? __________________ "If you're happy and you know it, think again." -- Guru Pitka

2008-02-11, 11:16 AM	#7
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	Two things: deny from reverse.gdsz.cncnet.net deny from gdsz.cncnet.net Having that in your .htaccess is going to cause apache to have to do a reverse dns lookup for each visitor to your web page. If there is no reverse dns, or, an improperly configured DNS entry, or a timeout on the reverse lookup, any surfer hitting the page will take time to resolve that before they are allowed access. Secondly -- are you saying that those webservers/IPs are the ones hittin your site? or, is it actually a referring site that is sending surfers/bots? Code: x.x.x.x - - [11/Feb/2008:06:32:18 -0500] "GET /images/xxxxxxx.jpg HTTP/1.1" 200 9128 "http://www.blahblah.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; SIMBAR={4194A8CC-7C68-11DD-956D-000D6112ED67}; .NET CLR 2.0.50727)" So, are the entries you're seeing corresponding with the x.x.x.x in the above log line, or "http://www.blahblah.com" If "http://www.blahblah.com", then you need something like: Code: RewriteEngine on RewriteCond %{HTTP_REFERER} reverse.gdsz.cncnet.net [NC] RewriteRule .* - [F,L] Based on your original post, I'm thinking you're probably wanting to ban hits coming from that referrer rather than the domain. __________________ SnapReplay.com a different way to share photos - iPhone & Android

2008-02-11, 01:23 PM	#8
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	also, you mention your members section. Is your members section also protected by an .htaccess file? if so, apache won't read the rules in the .htaccess file above the members directory and you would need to make the same entries in your members .htaccess that contains the auth directives. __________________ SnapReplay.com a different way to share photos - iPhone & Android

2008-02-10, 01:13 PM	#3
Saturnin A woman is like beer. They look good, they smell good, and you'd step over your own mother just to get one! Join Date: Jul 2006 Location: Edge of the Universe Posts: 53	Thanks .... here's what I've put in the file so far... order allow,deny deny from 124.115.0 deny from 210.21. deny from 210.22. deny from cncnet.net deny from 210.52.149.2 deny from 210.52.207.2 deny from 210.53.31.2 deny from reverse.gdsz.cncnet.net deny from gdsz.cncnet.net deny from 220.250.64.22 deny from 210.21.220.6 deny from 220.250.64.19 deny from 220.250. allow from all RewriteEngine On RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR] RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus RewriteRule ^.* - [F,L]

2008-02-11, 01:55 AM	#5
Saturnin A woman is like beer. They look good, they smell good, and you'd step over your own mother just to get one! Join Date: Jul 2006 Location: Edge of the Universe Posts: 53	That URL is using multiple IPs, and seems to have been changing IP numbers on a quicker basis than were updated in some of the IP trace directories. Just keep running through directories until you get the right combination....

2008-02-11, 02:48 AM	#6
Maj. Stress Progress rarely comes in buckets, it normally comes in teaspoons Join Date: Jun 2005 Location: Dark Side Of Naboo Posts: 1,289	Maybe you could ban by country as mentioned in this post. http://www.greenguysboard.com/board/...81&postcount=3

2008-02-13, 01:40 AM	#9
Saturnin A woman is like beer. They look good, they smell good, and you'd step over your own mother just to get one! Join Date: Jul 2006 Location: Edge of the Universe Posts: 53	Thanks everybody, it seems to have done the trick... the access file is working again.... (I think it had something to do with identifying the underlying IP, which the URL name was not doing somehow)... but the advice was good, and I'm still going through it all.