Web Hosting Talk






PDA

View Full Version : failed to block IP in .htaccess and httpd.conf

hula
11-20-2004, 11:56 PM
Hello,

Recently my server is under attack from a win98 computer and from this block of IP: 220.95.221, which eats up 6 GB bandwidth daily.

I have exhausted any snytax I can find on the web on how to block IP in either htaccess file and httpd.conf file. Believe me, I have tried every possible combination. Not a single one works. My server is getting hits from that block of IPs every 10 seconds.

I am using apache 1.3 and cpanel. What can I do???

SOS!!!
assistanz247
11-21-2004, 12:15 AM
Hi Hula,

It seems to be script based attack contact

sawfish_666 at yahoo dot com
assistanz247
11-21-2004, 12:17 AM
Pm me I will check it out.
YUPAPA
11-21-2004, 02:05 AM
Order Allow,Deny
Allow From all
Deny From 220.95.221
hula
11-21-2004, 02:29 AM
Thank you guys for reply. actually I have tried all possibilities and have restart apache after every conf file change. All made no use. Then I contact my server management company and they asked me to run a command as root:

iptables -I INPUT 1 -s 220.95.221.0/24 -j DROP

That has stopped the attack. I hope it won't come back. Let me wait and see.

I just don't understand why the following thing or a like does not work:
Order Allow,Deny
Allow From all
Deny From 220.95.221

In addtion, this is what I was told:
Really the only way to block a host from accessing your server is with a hardware firewall, or some other inline device.
YUPAPA
11-21-2004, 02:38 AM
That .htaccess file is only for blocking host accessing your http server. So if they are attacking on other ports, it does not help ~

The reason the .htaccess file isn't working is because you may have disabled the override option in httpd.conf ~
hula
11-21-2004, 02:57 AM
The reason the .htaccess file isn't working is because you may have disabled the override option in httpd.conf ~

What type of override? My .htaccess is actually working because I have some redirects in that file and redirects work fine.
YUPAPA
11-21-2004, 03:09 AM
I am talking about the AllowOverride directive ~
It controls what directives may be placed in .htaccess files ~

Since you have redirect working in a .htaccess file, then the AllowOverride option is on ~
robgct
11-21-2004, 03:13 AM
Originally posted by YUPAPA
I am talking about the AllowOverride directive ~
It controls what directives may be placed in .htaccess files ~

Since you have redirect working in a .htaccess file, then the AllowOverride option is on ~ why do you type ~ after every line
assistanz247
11-21-2004, 03:27 AM
Also you can install apf and it will block illegal IPs who are trying to attack your server. It will maintain the blocked list of IPs in /etc/apf/deny_hosts.rules. Apf is a very good and robust firewall.
hula
11-21-2004, 03:49 AM
Also you can install apf and it will block illegal IPs who are trying to attack your server. It will maintain the blocked list of IPs in /etc/apf/deny_hosts.rules. Apf is a very good and robust firewall

Thanks for the info. I will give it a try.
firestarter
11-21-2004, 08:29 AM
Dont forget to install BFD with that. BFD along with APF makes a good combination to even protect a DDOS( not so large though ;) )