0

my site is under a botnet attack with multiple IP addresses; the attack consuming bandwidth. I've created this entry in .htaccess but seems does nothing:

 RewriteEngine on
 RewriteCond %{REQUEST_URI} /index\.php [NC]
 RewriteCond %{HTTP_REFERER} mysite\.com/ [NC,OR]
 RewriteCond %{HTTP_REFERER} mysite\.com/index\.php [NC]
 RewriteCond %{HTTP_USER_AGENT} Mozilla/5\.0\ \(Macintosh;\ Intel\ Mac\ OS\ X\ 10_7_5\)\ AppleWebKit/537\.36\ \(KHTML,\ like\ Gecko\)\ Chrome/27\.0\.1453\.116\ Safari/537\.36 [NC]
 RewriteRule .* - [F,L]

I discovered that the attack using a huge number of IP addresses, but:

  1. Same REQUEST URI (/index.php)
  2. Two kind of REFERER (mysite.com and mysite.com/index.php)
  3. Same UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36

Seems that my code in .htaccess do not stop this attack; does someone can give some hints or improve/correct my code?

thx den

user3535444
  • 1
  • 1

1 Answers1

0

What are you trying to ask? Are you asking how can you stop this attack? If so I would suggest looking at your Cpanel for editing your website. Also contact your web hosting service. Also are they leaching images or do you not know? If you know the IP Addresses then you can ban them unless the list is way to long.

Banning An IP Address

Sometimes you just don't want a certain person (or bot) accessing your website at all. One simple way to block them is to ban their IP address:

order allow,deny deny from 192.168.44.201 deny from 224.39.163.12 deny from 172.16.7.92 allow from all

-Reference-(http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess) There is a lot more info about Bots and dealing with them including bandwidth leaches to blocking them to denying access to the bots. If this is what you are looking for please check it out. -TheDeveloperGuy-

StackOverFIow
  • 1
  • 1