How do you block an IP if it is spoofed?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • RMG
    Confirmed User
    • Apr 2002
    • 542

    #1

    How do you block an IP if it is spoofed?

    I'm getting loads of shit hitbot/leech traffic from

    n167068.ap.plala.or.jp
    219.165.167.68

    This is obviously BS information because I've blocked this ip in my htaccess and the shit is still comming in.


    Any ideas?
  • notjoe
    Confirmed User
    • May 2002
    • 5599

    #2
    Originally posted by RMG
    I'm getting loads of shit hitbot/leech traffic from

    n167068.ap.plala.or.jp
    219.165.167.68

    This is obviously BS information because I've blocked this ip in my htaccess and the shit is still comming in.


    Any ideas?
    Use ipfw (if you're running fbsd) or some sort of firewall tool and just drop the ip. see if you still get hits from it. If you're running FreeBSD i can give you some rules to ensure non spoofing ips only connect to your machine.

    Comment

    • RMG
      Confirmed User
      • Apr 2002
      • 542

      #3
      Is there a way to find out and block it in htaccess?

      I have no idea what is, but its saying one of my other sites is sending hundreds of raw hits per hour to another one of my sites.

      On the site supposedly sending these hits, there is nothing funny looking in the trade admin at all.

      Comment

      • wsjb78
        Confirmed User
        • Jun 2002
        • 594

        #4
        you can ignore it with HTAcccess... or even redirect it.... it's somewhere in the "Deny" section.... I'd need to look the correct syntax up.

        Comment

        • RMG
          Confirmed User
          • Apr 2002
          • 542

          #5
          i'm all ears.

          right now i have

          order deny,allow
          deny from 219.165.167.68
          allow from all

          and i'm still getting the shit.

          Comment

          • pr0
            rockin tha trailerpark
            • May 2001
            • 23088

            #6
            Thats not spoofed

            When you start getting hits from...

            6.6.6.6

            and

            1.3.3.7

            Thats a spoof bot/attack
            __________
            Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

            Comment

            • NetRodent
              Confirmed User
              • Jan 2002
              • 3985

              #7
              Even if you "block" an ip in htaccess, the request will still go into the logs. If it is properly blocked, the response code should be something like 403 instead of 200.
              "Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats."
              --H.L. Mencken

              Comment

              Working...