Admit it, a lot of your traffic is spambots. I know I see a lot of traffic from other countries to my blog for various reasons, and a good portion of them are SPAM. Blogging aside, what if you’ve got a community site that only a limited number of users will need access to? Well what about using that .htaccess for the purposes of keeping everyone else out!
That was the problem I ran into with one of my community sites. I was getting daily notifications of “new users” most of which were obvious combinations of a first-name/last-name dictionary attack, using out-of-country email addresses or free domain email addresses that require no invite, from IP addresses of non-community origin. I needed to remove the annoyance of these persistent email notifications. The solution was to eliminate access to the site from outside my community.
Step one was determining IP addresses. For my situation, I wanted to limit access to the entire United States. I did some searching and found a US zone file at IPdeny.com. Here is a listing of all countries they have zone files for. Step two was formatting the zone information such that it could be parsed through an Apache .htaccess file. I copied the zone information into a text document (using Notepad++), added the Limit clause to the top with the order clause below it, and set up a macro to add the allow from before each IP address on every line. After a portion of time, my macro completed and I added a deny from all line, and closed the Limit tag.
The result looked like this:
<Limit GET HEAD POST>
order deny,allow
allow from 3.0.0.0/8
allow from 4.0.0.0/8
…
allow from 216.255.192.0/19
allow from 216.255.240.0/20
deny from all
</LIMIT>
At that point it was just a matter of saving the document out to my .htaccess file and testing. To do so, I searched the document for my IP block and commented it out with a ‘#’. I got a 403 Forbidden page, so I uncommented my IP block and tried again. PRESTO! Works like a charm.
A couple of other things you may want to do would include blocking a single country (instead of allowing a single country like I did) or to allow additional IPs through, in the case of someone unable to access using the list you obtained. To block a single country, you would change the “allow from” statements to “deny from” statements and use the IP addresses from that specific country. Some people would only like to block the most notorious countries (Nigeria, for example). In order to add a single IP address you create a new line, and put the IP address with a /32 on the end. You can add as many “allow from” or “deny from” IPs to this list as you desire.
Tags: .htaccess, apache, blocking IP, blog, forum, SPAM prevention, web
Tags: .htaccess, apache, blocking IP, blog, forum, SPAM prevention, web
When not spending time behind a computer screen bringing you his latest blog posts; you might catch him playing video games on his PC; eating/cooking something in the kitchen of his house in Northwest Georgia; watching movies from his Netflix queue; volunteering for the Boy Scouts of America; fueling his wilderness interests by hiking, camping, backpacking, rafting, kayaking; sustaining his established hobbies in Amateur Radio, videography, photography, or music; running his DJ business with his brother as a partner; or hanging out with his friends doing any number of fun activities. 