Ok, I found out a little on Google. It seems it is an individual rather than a website. It seems like a sort of DoS attack. I will report to abuse@att.net (It's from their IP block). How do I find out if I have access to my hta access to block it from my site?

How do I find out if I have access to my htaccess to block it from my site?

Is your website Windows based or Apache based?
If Apache? Do you enter your site through a Control Panel on the http side?
The root folder you upload your domain files to should contain a htaccess file.
Open it on the http side and add the lines you desire.
Save the file.
Exit the Control Panel.
Make SURE that you check your website to assure it functions after the htaccess change.

If Windows based-IIS?
It requires httpconfg (sp?) somebody else will need to help you.

The web server is Apache Version 1.3.27.
When I go in through the account control panel into file manager or using ftp there is no such file. I'm guessing I would go into a text editor, cut and paste whichever one of the solutions found here that I like and save it as htaccess? Is there an filename extension?

After a little research i will try this

order deny,allow
allow from all
deny from 12.119.251.194

Saved it with wordpad as htaccess.txt, uploaded via ftp to root directory then changed the name to .htaccess

Does that sound about right?

Well, that didn't work. So I removed the line 'allow from all'

12.119.251.194 - - [14/Jul/2003:23:13:54 -0400] "GET / HTTP/1.1" 403 210 "-" "Mozilla/3.01 (compatible; )" :)

I have a similar thing happening... bunch attacks from _ ip 208.159.61.XXX block.

Java/1.4.1_02 208.159.61.201
Java1.3.1_01 208.159.61.196
Java/1.4.2-beta 212.68.215.226
Java1.3.1 208.159.61.115
Java/1.4.1 208.159.61.118

Its hitting the site like every few minutes 24/7.

Try
order deny,allow
deny from 208.159.61.
in your .htaccess file

The guy GETting my indeex was GETting it up to 4 times a second.
The report to abuse@att.net had no immediate affect, other than too initiate an autoresponse.

Well, that didn't work. So I removed the line 'allow from all'

Powdork

The correct syntax should be as follows:

order allow,deny
deny from 12.119.251.194
allow from all

I would also suggest rather than restricting yourself to the
solitary 194 last class that you chop it off at "251." and don't forget to include the period after 251

Don

bunch attacks from _ ip 208.159.61.XXX block.

thewebboy
Rather than restict the Java intruder to that specific IP?
I would suggest eliminating any Java intrusions in the future by using the following:

SetEnvIf User-Agent ^Java keep_out
order allow,deny
deny from 208.159.61.
allow from all
deny from env=keep_out

This catches ALL UA's which "begin with Java" and are followed by anything of any length.
Should yu desire to add in the IP range (as I have) you may do that also.

Don

am i wrong or have i really seen a bunch of posts on the user-agent: Mozilla/3.01 (compatible

-usually from far east? You might want to block it using the same method suggested for the Java bot.

/claus

claus
there are two separte issues here.
Powdork was not denying on the UA, rather the IP range.
thewebboy although he was advised on the IP range, the UA of Java and deny is more appropiate.

The mozilla 3 discussion was quite lengthy. Thanks for recalling the caution.

Don

Wilderness,
Thanks for all your help. Is the 'allow from all' necessary, or is it the default setting? When I eventually learn about all this mod_rewrite stuff can I just add it to the .htaccess or do I have to make modifications to allow for that.
Thanks

Powdork, you've specified this order:

order allow,deny

This means that allow-directives are processed first, and that access is denied by default. If you do not include the "allow from all", everyone that are not specified explicitly gets denied (that means all in this case). If you change to this order:

order deny,allow

Then deny-directives will get processed first, and access is allowed by default. That is: with this order you don't need the "allow from all" line.

/claus

Powdork
This page explains the use of deny and allow:
[httpd.apache.org...]

BTW, I would suggest starting with a very simple htaccess. Perhpas using a single example of the most common entries to deny and allow and THEN, once you have understood and watched those lines work?
Begin expanding to the ranges you desire.

Thanks Claus, I had actually specified deny,allow. That would explain why the first try (msg 5) didn't ban the bugger, but when I removed allow from all it did. Everyone else is making it in fine.
Thank You too wilderness, I think this was about the smallest cliff I could find to jump off of into the nether regions of my site. I didn't ban any more than the one IP because I found out a little more and decided it wasn't necessary at this point. I'll keep an eye out however.