+ Post New Thread
Results 1 to 9 of 9
Web Development Thread, Apache Ban IPs in Coding and Web Development; An interesting one. Our Moodle implementation seems to have a fan in the Ukraine. Well when I say fan I ...
  1. #1

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,287
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162

    Apache Ban IPs

    An interesting one. Our Moodle implementation seems to have a fan in the Ukraine. Well when I say fan I mean they are constantly trying to log in as admin. It is getting atad tiresome so I am thinking of banning the IP from the webserver. I can't think of any pitfalls & I can leave it a month & then remove as hopefully they will have moved on. Only problem is my Apache mojo is weak.

    I know there is a deny command that can be given to IPs but there seems to be confusion between whether it is best to do this in the .htaccess or in an over all config file. If it is the over all file I can't find which one.

    Any guidance?

    Ta

  2. #2


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,690
    Thank Post
    352
    Thanked 796 Times in 715 Posts
    Rep Power
    347
    I'd personally not do it in apache, I'd do it either on the box itself with iptables/ipfirewall or upstream preferably to take the onus off of your box completely.

    But if you want to do it, you could use

    deny from 1.2.3.4

    in .htaccess

  3. #3

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    I'd do this on your firewall (either iptables on the server or further upstream) to prevent other attacks like ssh.


    Edit: oh, kmount types faster

  4. #4
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,490
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    51
    If you want to do it at the apache level I believe the mod_security module can handle this.

    and a quick google reveals this Access Control - Apache HTTP Server

  5. #5


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,638
    Thank Post
    275
    Thanked 778 Times in 605 Posts
    Rep Power
    223
    I'm glad we're not the only moodle installation to be targetted by those bots.

    Bet you they're coming in on 91.212.*.* and 91.213.*.* right? 17-19 attempts, skip a couple of days and try again? I noticed it back in October.

    Bizarrely, they've also started trying "eminem" as a username since December.

  6. #6

    Join Date
    Sep 2009
    Location
    North East
    Posts
    28
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    block the IP's/range(s) or even the ukraine CCld *.ua depending whether the hostmask are using .ua; through iptables...

    I wouldn't do it through apache because they can still attempt to access your machine!

  7. #7

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,287
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162
    Yep, seems to be a constant IP of 91.213.121.24. Starting to get tempted to break out the old black Stetson & go on a rampage!

    Iptables seem the way to go as I don't think I can IP ban on our core switch. Second stupid question, IPtables on Server 2003?

  8. #8

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by TechMonkey View Post
    Iptables seem the way to go as I don't think I can IP ban on our core switch. Second stupid question, IPtables on Server 2003?
    Windows Firewall then.

  9. #9

    Join Date
    Nov 2008
    Posts
    41
    Thank Post
    8
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by TechMonkey View Post
    Yep, seems to be a constant IP of 91.213.121.24. Starting to get tempted to break out the old black Stetson & go on a rampage!
    I've had encouraging results in the past by doing a whois lookup on offending IP addresses, then sending details of the attempted break-in to the "abuse" address which should be listed. Remember, there's often a techie not unlike yourself at the other end. They will share your concerns

SHARE:
+ Post New Thread

Similar Threads

  1. External IPs...How Many?
    By mrforgetful in forum How do you do....it?
    Replies: 8
    Last Post: 21st May 2013, 05:34 PM
  2. To Ban Or Not To Ban this is the question
    By NBC_Sys_C-ord in forum School ICT Policies
    Replies: 54
    Last Post: 5th December 2008, 10:24 AM
  3. Exchange and public IPs
    By FN-GM in forum Windows
    Replies: 3
    Last Post: 14th April 2008, 03:52 AM
  4. DHCP or Static IPs?
    By woody in forum Wireless Networks
    Replies: 13
    Last Post: 22nd November 2006, 01:20 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •