homepage Welcome to WebmasterWorld Guest from 54.226.43.155
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Stopping someone by hostname
axim




msg:3505231
 12:16 am on Nov 15, 2007 (gmt 0)

I have a problem with an ex business partner who thinks they are a hacker. They gained ftp access to my site and deleted it and the forums etc.

They are now going to my site and spamming us by the form mailer script we have on the site with death threats. I want to block them from accessing our site altogether with .htaccess

They use shawcable.net and I looked at their hostname in my logs and it ended in va.shawcable.net

Will a .htaccess file like this work to block them?
order allow,deny
deny from *.va.shawcable.net
allow from all

Is there anyway to block them also by browser? they use netscape browser.

I am very new to this stuff and appreciate any help I can get

 

jdMorgan




msg:3505288
 1:45 am on Nov 15, 2007 (gmt 0)

I would be wise to block by a combination of remote host, user-agent, and any other factors you can use to narrow down the number of affected users. For example, you might block a half-million potential customers by blocking all shaw customers in Virginia.

If the troublemaker is on a fixed IP address or uses a limited range of IP addresses, it would be far simpler to just block that one address, or a small range of addresses that include his IP address(es).

BTW, the proper term for what you're doing now is "blocking by remote hostname" and the proper syntax [httpd.apache.org] is

Deny from va.shawcable.net

[added] You might also consider feeding him false content -- A page that says it submits, but doesn't really, and then generates a second bogus error message leading him to believe that your site is broken and your business is on its last legs. Never give out any additional true information to your enemies, and make sure that all misinformation is utterly consistent. :) [added]

Jim

[edited by: jdMorgan at 1:48 am (utc) on Nov. 15, 2007]

wilderness




msg:3505370
 3:19 am on Nov 15, 2007 (gmt 0)

Is there anyway to block them also by browser? they use netscape browser.

I am very new to this stuff and appreciate any help I can get

There are laws in Canada that would like have more effective (however not immediate)results more stringinent than the US.

I have portions of sub ranges of Shaw denied from both the Maritimes and Alberta. These denies were based actions of a few that were focusing on my pages.

You may reduce the innocents (at least in most instances) by creating a deny which is based on both the IP range and the User Agent, although I'm not so sure that focusing on Netscape would be ideal.
Perhaps there is some other phrase or number in the broswer User Agent that would prove more focused?

These threads (although very long) will assist you.
[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]

axim




msg:3505475
 6:38 am on Nov 15, 2007 (gmt 0)

Thanks guys.

This guy basically stole 100 000 dollars worth of stock from us and never put one cent into the business. We where to trusting and not only did he screw us over he is now rubbing our face in it.

I will read up on this and I really appreciate the help you have given us its been great.

axim




msg:3508182
 6:36 pm on Nov 18, 2007 (gmt 0)

How do I block netscape browser?
Can someone please write it out for me as I have been trying to work it out and cant :(

jdMorgan




msg:3508222
 8:08 pm on Nov 18, 2007 (gmt 0)

> Can someone please write it out for me

Please see our forum charter [webmasterworld.com]. Post your best-effort code so that we can discuss it.

Jim

wilderness




msg:3508223
 8:09 pm on Nov 18, 2007 (gmt 0)

Please provide the User-Agent portion ONLY of such a log visit (your reference) and I'll locate a reference.

some Examples from my November logs:
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)"

"Firefox/1.0 (Windows; U; Win98; en-US; Localization; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)"

"Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)"

"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20060111 Netscape/8.1"

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20070321 Netscape/8.1.3

And there are many more.

Deny any UA which "contains" Netscape

which as previously advised is a terrible idea, unless combined with an IP range requirement

# If User-Agent contains Netscape and visitor comes from IP 123.456.789.0-255
RewriteCond %{HTTP_USER_AGENT} Netscape
RewriteCond %{REMOTE_ADDR} ^123\.456\.789\.
RewriteRule .* - [F]

wilderness




msg:3508232
 8:24 pm on Nov 18, 2007 (gmt 0)

BTW,
There are examples of these types of denies in the previously mentioned LONG THREAD links that I provided.

It seems you missed reading them?
One example:
[webmasterworld.com...]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved