I've decided to try a more brute force approach to stopping the worst of the spammers...
I first tried using MT's IP blocking, but it doesn't appear to work too well, so, I decided to go right to the server...
My approach was to use an .htaccess file to block specific IP addresses. I know that IPs change all the time, but at least I can stop some of the systems which are absolutely hammering my server right now.
Not only did I end up having to place the .htaccess files in the root directory of the virtual server, but also in the cgi directory.
At first, that alone didn't work.
Turns out I also had to modify the Directory sections of httpd.conf to change from AllowOverride None to AllowOverride Limit.
Those changes, and a restart of the httpd process seem to be helping.
The specifics of .htaccess?
<Limit GET POST>
Order Allow,Deny
Allow from all
Deny from aa.bb.cc.0/24
</Limit>
The aa.bb.cc is replaced with the first three stanzas of the offending segment - in this case, there were a number of servers all hitting me from this segment, so I blocked the entire thing. Note, that's a zero after the cc. not the letter O, to limit a specific IP address, you would add another line Deny from ee.ff.gg.hh
Note the Order statement seems counterintuitive to me, but here's a good explanation: http://httpd.apache.org/docs/1.3/mod/mod_access.html#order
Digg It!
Bookmark it!
Posted by David at November 12, 2006 07:07 PM