DeeCee - 7:54 am on Apr 6, 2012 (gmt 0)

Yes, @Wilderness. That is a bit extreme. :)
But if only interested in traffic from one country or one small group, it kinda works. But then, if you are interested only in North American readers, then why not merely check the country code through Apache or .htaccess and ban by country? :)

And Yes, you are right. It becomes a quite long list, when blocking individual IPs. I catch hundreds of IPs/day, tracked across 50+ categories.


@sftriman,

Too much for a site to be running through in a PHP based simple compare check list. It will eventually take the site to its knees as the list grows.. Try putting some time measuring code at various points logging execution time for your checks compared to actual page generation. I think you will find that comparing each IPs in PHP like you do can eventually "take over" your system. Slow a site down significantly.

I track offending IPs both as individual IPs and as policy blocks that takes out ranges or CIDRs as well, across a set of both real sites, honey pots sites (dummy sites attracting only offenders), and through firewall log analysis. Both web-site and other offenders, such as cpanel, SSH, vicidial, database and other hackers. I drag many of them into tar-pits. Mostly because it is fun to watch the crawlers being slowed down like hit by a bug-zapper.

But I track the catches continuously into classified DNSBLs (currently a dozen or so lists, depending of blocking level), that are updated normally once an hour, and then block "invalid" offenders using that and various other methods.

Right now for Wordpress sites I kick them out using a Spam/Security block plugin, blocking tracked scrapers and such, plus catching spam.

I am right now working on a Apache module that will block using various DNSBL methods, but inside Apache, to stomp out bad actors before they waste execution of web-site code. That shaves off a lot of otherwise wasted server/network bandwidth. (Plus it protects the content)