Welcome to WebmasterWorld Guest from 107.20.54.98

Forum Moderators: phranque

Message Too Old, No Replies

Should I block competitor?

     
3:57 pm on Nov 18, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member

joined:July 1, 2004
posts: 780
votes: 12


One of my competitors is frequently all over my site. He used to continually click adwords ads until I excluded his IP (and reported him to Google). Should I go the whole distance and ban his IP from my site?

I don't trust him at all - since he has been visiting my site regularly I have had thousands of hack attempts on the wordpress admin login pages (luckily I have a plugin that suspends IP's for 48 hours for 4 incorrect login attempts). I can't prove anything, obviously, but he is certainly up to no good.

Should I block him? If so, how best to do it?
5:38 pm on Nov 18, 2013 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:22318
votes: 240


They have no legitimate purpose to attempt such log ins. Block the IP, no matter who it is.

Block them with .htaccess
[webmasterworld.com...]
3:26 pm on Nov 19, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 31, 2006
posts:1209
votes: 7


Absolutely, yes, block them in .htaccess so they see nothing.
8:24 pm on Nov 19, 2013 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10544
votes: 8


something to consider when blocking a live human - if you use a Deny or a mod_rewrite [F] flag to block a request, you are sending a 403 Forbidden response, which can have psychological effects.
if your blocking technique uses mod_rewrite, you also have the option of using the [G] flag which sends a 410 Gone response.
it's a subtle thing, but one message is about the visitor and the other message is about the content.
8:45 pm on Nov 19, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 2002
posts:729
votes: 8


Redirect him to his own site <EG>
9:49 pm on Nov 19, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

joined:Apr 9, 2011
posts:12719
votes: 244


which can have psychological effects

Paradoxically, you only say this because you're a webmaster. Until I had my own site with its own htaccess, I didn't really understand what a 403 [F] is. There are two things a human sees:
404 = ain't no such page
403 = this directory doesn't have an index
In practice, that is the only time a human ever sees a 403 page. So you may not even realize that you've been unconditionally blocked. My current 403 page-- written entirely for humans-- says
::shuffling papers::
I donít know how you got here, so youíll have to use your browserís Back button to return.

If you donít know how you got here, these are the general areas to try. {the page includes the ordinary navigation footer} If you got here by clicking on a link from elsewhere on this site, please contact the webmaster {my contact page is open to everyone} so I can fix it.

Finally: If you clicked on one of the links below and got bounced right back here, it means the server thinks you are a robot. Again, contact me and Iíll see what I can do.
8:51 am on Nov 20, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member

joined:July 1, 2004
posts: 780
votes: 12


Thanks everyone. That's helpful. Any tips on how I would implement the 410 option?
10:38 am on Nov 20, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

joined:Apr 9, 2011
posts:12719
votes: 244


A 410 never happens automatically, so you have to code it explicitly. You mentioned wordpress. Do you use htaccess?

It's clear that you already know when it's your competitor visiting. So that's what you block, whether it's his IP address or a distinctive UA or something else.

For example
RewriteCond %{REMOTE_ADDR} ^12\.23\.56\.78$
RewriteRule (^|/|\.html)$ - [G]

replacing "\.html" with any extensions you actually use for pages. The sole reason for the (^|/|\.html)$ element is to keep the server from having to stop and evaluate the condition on every single request. Presumably your evil competitor is not drifting around making "cold" requests for images and stylesheets.

If you currently don't have any other 410s, you may also like to make a custom 410 page that says something like "Get a life!"