Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?



Login with username, password and session length
October 02, 2014, 04:32:53 AM

Pages: [1]   Go Down
  Print  
Author Topic: Banning IP numbers via htaccess more efficiently  (Read 5935 times)
CraftArt
Newbie
*
Offline Offline

Posts: 3


« on: April 02, 2013, 06:04:25 AM »

I use htaccess entries to protect and manage my sites. Lately I've noticed a bunch of badly behaving IP numbers in my log. They seem to be automated scripts or bots trolling my site, I don't know why but it makes me uncomfortable. It certainly is not normal visitor behavior. I would like for someone familiar with IP number ranges and blocks give me some tips, or help me to "crunch" this list to make it shorter, instead of blocking one-by-one.  How can I do this better?  Thank you.

 Grr..!!  Grr..!!  Grr..!!  Grr..!!
### Added to block badly behaving IPs ###
deny from 23.20.7.152
deny from 23.22.242.107
deny from 23.22.254.252
deny from 50.16.10.19
deny from 50.17.7.157
deny from 50.19.25.94
deny from 50.112.25.129
deny from 54.234.31.200
deny from 54.234.75.166
deny from 54.234.145.174
deny from 54.234.156.105
deny from 54.234.157.238
deny from 54.234.202.163
deny from 54.235.8.83
deny from 54.235.21.55
deny from 54.242.59.181
deny from 54.242.103.89
deny from 66.172.58.13
deny from 67.202.31.32
deny from 74.125.18.17-74.125.18.23
deny from 74.125.19.0/25
deny from 74.125.176.0/23
deny from 74.125.178.0/24
deny from 74.125.179.0/32
deny from 74.125.179.8/29
deny from 74.125.179.16/28
deny from 74.125.179.32/27
deny from 74.125.179.64/28
deny from 74.125.179.80/29
deny from 74.125.182.17-74.125.182.38
deny from 74.125.183.17
deny from 74.125.183.18-74.125.183.20
deny from 107.22.137.236   
deny from 107.21.68.190
deny from 115.114.59.182


Thank you.
« Last Edit: April 02, 2013, 06:17:18 AM by CraftArt » Logged
MrPhil
Senior Moderator
Berserker Poster
*****
Offline Offline

Posts: 5885



« Reply #1 on: April 02, 2013, 08:21:29 AM »

Have you checked those IP addresses in whois? At least some of them are Google. You generally don't want to ban Google, unless you don't want your site to be on search engines.

If "good" bots are doing "bad" things, use robots.txt to restrict the places they can look in and index.
Logged

Visit My Site

E-mail Me
  
-= From the ashes shall rise a sooty tern =-
CraftArt
Newbie
*
Offline Offline

Posts: 3


« Reply #2 on: April 02, 2013, 04:21:46 PM »

Thank you for pointing this out. You are right, I will have to re-check these IP numbers one more time, one-by-one. You are 100 per cent correct that blocking Google would be a self-defeating mistake. The ones I checked (WhoIs) point to Google Translate, not Google, as in the spider. A fellow web developer shared with me that Google Translate can be used to cloak (?) or hide an IP number. I lack the words to explain it, but somehow it can be done by using Google Translate as a proxy.  So, if there is something from Google Translate showing up in my logs in ADDITION TO a suspicious pattern, then I feel strongly it cannot be a good thing. My site, a very long established authority niche site, has been copied, scraped, attacked with negative SEO and I am diligent and super careful, but I will double check.

If it looks fishy, smells fishy, it is a rotten fish and goes.
 Fishy

http://www.videorolls.com/watch/hide-ip-address-fast-with-google-translate
Logged
MrPhil
Senior Moderator
Berserker Poster
*****
Offline Offline

Posts: 5885



« Reply #3 on: April 02, 2013, 05:44:52 PM »

I only checked a few, and saw that they were registered to Google. I don't know who is googlebot and who is some other part of the Google empire. I have not heard of Google Translate being a problem -- I didn't know they sent out spiders for anything. I also hadn't heard anything about that being a proxy or cloaking service. When did they move out of language translations? Can you share some reliable sources for this information?
Logged

Visit My Site

E-mail Me
  
-= From the ashes shall rise a sooty tern =-
CraftArt
Newbie
*
Offline Offline

Posts: 3


« Reply #4 on: April 02, 2013, 06:23:53 PM »

I only checked a few, and saw that they were registered to Google. I don't know who is googlebot and who is some other part of the Google empire. I have not heard of Google Translate being a problem -- I didn't know they sent out spiders for anything. I also hadn't heard anything about that being a proxy or cloaking service. When did they move out of language translations? Can you share some reliable sources for this information?

I posted a YouTube video that shows how it is done. Here it is again:
http://www.videorolls.com/watch/hide-ip-address-fast-with-google-translate

Google Translate does not send out spiders, and I wouldn't necessary call it a cloaking service (emphasis on service). It's simply being used as such... an anonymous browser. If I get one hit I don't worry, but rather, assume someone truly wanted to see my site translated. But when I notice suspicious behavior patterns then I get, well, suspicious, and I've seen them.

How to Sneak Past Web Filters and Proxy Blockers with Google Translate
http://null-byte.wonderhowto.com/how-to/sneak-past-web-filters-and-proxy-blockers-with-google-translate-0133259/
« Last Edit: April 02, 2013, 06:26:47 PM by CraftArt » Logged
Taser
Spacescooter Operator
*****
Offline Offline

Posts: 46


« Reply #5 on: June 03, 2013, 04:53:23 AM »

1 - Banning list shortened + 1 - My list of banned IP#s

1 - To answer the question you can shorten a list by dropping the trailing numbers of common IP#s like this

for example
123.456.111.1
123.456.222.1
and make it just
123.456.


2 - My list of banned IP#s - I don't think I have any genuine robots blocked here. Most of this is china. I don't even care who or what is visiting my account from some backwater province in China, it gets blocked now. Had to resort to this after a brute force attack on my account that resulted in a warning of high resource usage.

deny from 94.242.237.119
deny from 220.249.164.253
deny from 91.236.74.7
deny from 36.248.101.9
deny from 220.250.43.180
deny from 31.202.
deny from 176.53.56.
deny from 198.200.36.
deny from 110.90.
deny from 94.242.
deny from 123.151.
deny from 178.32.219.
deny from 180.76.
deny from 180.76.5.170
deny from 123.151.148.
deny from 94.228.34.237

I wish these were blocked by default hostwide.
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: