novice IP blacklist question

query of the nature of banning IPs vs. IP groups

         

Dancing Otter

5:01 pm on May 5, 2022 (gmt 0)



Hello and thanks for your time,
I think I know the answer but wanted to verify.
I believe the following offer banning a single IP or progressively larger groups therein, with the last blocking all IPs coming from the largest prefix...
...although it would be helpful to know if, by choosing the last option, am I likely blocking a whole company, street, county, province, or country etc.?
Am I understanding this correctly? Thanks!
RE:
Use the following links to add the appropriate entry to the blacklist:
IP: https://server1.example.com:2087/scripts7/cphulk/blacklist?ip=2.58.149.nn
IANA Netblock: https://server1.example.com:2087/scripts7/cphulk/blacklist?ip=2.58.148.0/23
/24: https://server1.example.com:2087/scripts7/cphulk/blacklist?ip=2.58.149.0/24
/16: https://server1.example.com:2087/scripts7/cphulk/blacklist?ip=2.58.0.0/16


[edited by: not2easy at 10:12 pm (utc) on May 5, 2022]
[edit reason] please use example.com for readability [/edit]

not2easy

4:09 pm on May 6, 2022 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Hi Dancing_Otter and welcome to WebmasterWorld [webmasterworld.com]

CP's cphulk can be used to block access but there are simpler ways to deal with unwanted visitors. An IP address is not frequently assigned to a residential customer with an ISP account. For that reason, it is best to do a lookup and find the limitations of that ISP because it may be a small local ISP with a small block of IP addresses or it could be huge and variable on large ISPs such as regional ISPs (Verizon, Charter Cable for example). Understanding the size of possibilities can help you decide if you want to block a single IP or an entire CIDR range.

In general, ControlPanel tools add a layer of work for your server that can be avoided by blocking unwanted traffic via either server configuration files or, for hosted domains, using your .htaccess file. Because there is not any server environment information included in your post I am guessing that you are not hosted on a private server but rather host your domain on shared hosting? It helps to know.

The best place to determine what is happening is by reviewing your access logs where you can view individual visits and possibly find a simpler way to block access.
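An added example, not part of any post in this thread: it sizes the three ranges from the cPHulk notice in the first post and checks them against access-log entries, counting how many offending addresses each range covers and how many other logged visitors it would also block. The log lines, the addresses in them, the log format and the "two denied requests" threshold are all constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Ranges offered in the cPHulk notice in the first post, narrowest first.
CANDIDATES = [ip_network(c) for c in ("2.58.149.0/24", "2.58.148.0/23", "2.58.0.0/16")]

# Constructed access-log lines; every address and request below is made up.
SAMPLE_LOG = """\
2.58.149.17 - - [05/May/2022:16:40:01 +0000] "POST /login HTTP/1.1" 401 199
2.58.149.17 - - [05/May/2022:16:40:02 +0000] "POST /login HTTP/1.1" 401 199
2.58.148.203 - - [05/May/2022:16:41:10 +0000] "POST /login HTTP/1.1" 401 199
2.58.148.203 - - [05/May/2022:16:41:11 +0000] "POST /login HTTP/1.1" 401 199
2.58.77.9 - - [05/May/2022:17:02:44 +0000] "GET /articles/ HTTP/1.1" 200 5120
198.51.100.23 - - [05/May/2022:17:05:00 +0000] "GET / HTTP/1.1" 200 4096
"""
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def split_visitors(log_text, threshold=2):
    """Return (offenders, others): IPs with >= threshold 401/403 replies, and the rest."""
    denied, seen = Counter(), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not in the expected log format
        ip = ip_address(m.group(1))
        seen.add(ip)
        denied[ip] += m.group(2) in ("401", "403")  # True counts as 1
    offenders = {ip for ip, n in denied.items() if n >= threshold}
    return offenders, seen - offenders

def assess(log_text):
    """Per candidate: size, offenders covered, other logged visitors also blocked."""
    offenders, others = split_visitors(log_text)
    return [{"block": str(net), "addresses": net.num_addresses,
             "offenders": sum(ip in net for ip in offenders),
             "collateral": sum(ip in net for ip in others)}
            for net in CANDIDATES]

def narrowest_cover(log_text):
    """Smallest candidate that contains every offender, or None."""
    offenders, _ = split_visitors(log_text)
    for net in CANDIDATES:  # ordered narrowest first
        if offenders and all(ip in net for ip in offenders):
            return str(net)
    return None

if __name__ == "__main__":
    print(*assess(SAMPLE_LOG), narrowest_cover(SAMPLE_LOG), sep="\n")
```

On the constructed log, the /23 is the narrowest range that covers both offenders, while the /16 also blocks a visitor who only read an article.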

lucy24

7:46 pm on May 6, 2022 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



On a broader scale: If you get offensive visits from a particular IP, and it resolves to a residential ISP* rather than a server farm, it may well be an infected machine. In that case it's appropriate to block the exact individual IP, down to the last digit. (I track these separately, and check every few months to see if they're still active.) Otherwise, learn the range, and block the whole thing. A server that hosts one robot will sooner or later host twenty others.

IP addresses are individually assigned within the

:: pause to count on fingers ::

five different registries, each representing a geographical area. They're not permanently allocated to a single country. An address that's German today may be French next week.

"An IP address is not frequently assigned to a residential customer with an ISP account."
Maybe not officially, but mine has been the same for several years, even when there was a power outage and the router was out for more than 24 hours. On the other hand, a single visit from a cell phone may hop about wildly from one IP to another. If an IP resolves to a cell provider, it would be utterly pointless to block it.


* There are other possibilities than those two: for example, a non-tech-related business, or an educational institution. For those you may need more information before deciding what action to take. Is it a student who has downloaded malware, or is it a computer-science class with a “create a robot” assignment?

tangor

2:23 am on May 7, 2022 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Another option is to look for malformed User Agents. While not the bright shiny object of years past, it is still valid to eliminate TONS of unwanted too lazy to come up with a "valid" UA... Might spare having to insert in an IP list. Meanwhile, you'd have to keep an eye on both UA and IP to make sure nothing undesired is getting through.

Dancing Otter

12:52 am on May 8, 2022 (gmt 0)



Thanks so much to all the repliers.
I should have added these two facts I edited out by total accident:
1) I'm on a VPS

2) my products are worthless to anyone in a different country
and all the attacks have been from the other side of the globe

But I'll use the advice and look at the IP blocks so I don't close out unnecessary people

Some international traffic would help SEO and the articles are still useful offshore; I just can't export the nature of my products... but I also don't want to block a whole province in case they like to read the niche articles.

I can't pay people to help with the site until I make money and stop feeding the dog on credit --
-- you guys helped and now I know it's how I thought it was, the way the IPs are grouped, thanks for the reference source!


Unpleasantly wordy version:
I moved from shared hosting to a VPS which I suppose acts like a dedicated server, but I don't have time for loads more learning (and I'm literally autistic enough to be hurt by constantly changing how to do everything) so I installed cPanel and even Softaculous on the VPS, just like shared hosting, so nothing would change (I moved b/c that was wayy too slow to initially load a first page after the site sat unvisited... and 5-minute pings to help were working intermittently and also absurd). I'm out of time to be "setting up" any more and this way I could keep spending my time struggling to keep up with the other aspects of the craftsmanship and sales (not yet profiting).

Thanks again!