This IP is denied in .htaccess and it is STILL getting through!

[Plat]

How on earth is this IP 193.136.33.209 that is being denied right now using .htaccess executing my php script that is protected by the .htaccess deny file?

I have looked everywhere for an answer and cant seem to find one anywhere..hopefully someone on here will know.

[ServerGenius]

start by posting your .htaccess file....if you don't want to:
replace the IP you want to ban with your own IP and test if
it works....

DynaMite

[Plat]

PLAT DOES NOT HAVE AN ATTITUDE!!!! just trying to get an answer from this wacked out board! :c)

[Marco]

Put this in your .htaccess file and see if he still he gets through.

deny from 193.136.33.0/24

Marco
[email protected]
ICQ 29151164

[RK]

Quote:

Originally posted by Plat
How is this IP (user) wahtever the fuck it is still accessing my site?

How do you know that IP is still accessing your site?

[ServerGenius]

If you know what you are doing then why doesn't it work and do you ask?

DynaMite

[railz]

Quote:

Originally posted by Marco
Put this in your .htaccess file and see if he still he gets through.

deny from 193.136.33.0/24

Marco
[email protected]
ICQ 29151164

Just for information, what's the /24 for?

[ServerGenius]

/24 is a C-class of IP addresses....it means everything from:
123.123.123.0 until 123.123.123.255

DynaMite

[Ludedude]

/24 is used in classless interdomain routing (CIDR) as a way to work with blocks of IP's irrespective of the old method of fixed classes and subnets. CIDR allows a lot more flexibility in assigning IP's from a block rather than in fixed chunks of 255 addresses at a time.

In this case, it's just a different way to block the entire block from 193.196.33.0 to 193.196.33.255

Worth a try.

[Plat]

Ok look.

Im running a php file that redirects to c.cgi. I can see its still coming through by looking in my UCJ logs. I have renamed c.cgi to something else just in case it was coming in directly through c.cgi. It's a pronbot that is messing up my UCJ stats. Setting .htaccess deny will not work if the user comes directly in through a c.cgi link thats why I made the php file cause the .htaccess will deny that php file from being used. Tested by me for me using my IP and some friends did the same. All came out "forbidden" as it should. Now how is this one IP getting through and wreaking havoc still? IP Spoofing maybe? Thats the ONLY thing i can find by searching google but still it doesnt give a good enough explanation so i'm not positive.


DynaSpain:

Quote:

If you know what you are doing then why doesn't it work and do you ask?

GoFuckYourself! kthx

[Smegma]

Quote:

Originally posted by Plat
man i know wtf im doing. ive tested with my own IP... ive done literally all I can think of. How is this IP (user) wahtever the fuck it is still accessing my site?


this board is useless i swear! only topics that ever get read are the retarded ones that have nothing to do with the adult industry.

With your fucking attitude.. I'm amazed anyone helped you.

Go Fuck Yourself and the horse you rode in on!

[Plat]

where did u quote that from? thats a fake quote!... liez

[railz]

Wow - you learn something new every day.

So for a totally "effecitve" block, you could use

deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx/24

Assuming it's a class C of course.

[ServerGenius]

I was willing to help....not anymore...first you post a problem
without any info...then you claim that you're allmighty and know it all......post again with info and wine you don't understand....

/etc/rc.d/init.d/apache stop <---my advice I'll guarantee it works! Even with IP spoofing dickhead!


DynaMite

[Plat]

kk im sorry i apologize for being so rude.

its been a long fucking day, im tired, want to go to sleep but no gotta find out how to fix this crap guy for good. and anyone who follows him.


Now what is this here? /etc/rc.d/init.d/apache or are u just mad and tryin to get me to crash my server or something? :c)

[ServerGenius]

/etc/rc.d/init.d/apache stop will stop your webserver....it will stop the attack but it's not what you are looking for.

THe IP range belongs to an university in Portugal
193.136.32.0 - 193.136.39.255 Try first blocking those nets.
It are leaching students only that you will block.

Their router blocks IMCP traffic so you can't ping/trace any
ip within that block. If you have access to IP chains of IP tables
block that range in there that's a lot better...then having your webserver to deal with it.

DynaMite

[AdultWire]

Your first mistake was thinking you knew what you were talking about. It doesn't matter how a user comes in. Put the .htaccess in the directory with the content you wish to protect. Read this 10 times before you come back in here being soooo right again.

[Plat]

Quote:

Originally posted by AdultWire
Your first mistake was thinking you knew what you were talking about. It doesn't matter how a user comes in. Put the .htaccess in the directory with the content you wish to protect. Read this 10 times before you come back in here being soooo right again.

AdultWire damnit man dont make me go crazy again and blow a gasket or something!


Yes I know .htaccess will deny an IP from viewing a directory..yes yes that is true that is like noobie talk. Ive been here forever and never seen this type of thing before happen k? Just because I am not mr. l33t poster with 2000 gfy posts does not mean im a fucking retard with no skills.

[Plat]

Quote:

Originally posted by DynaSpain

Their router blocks IMCP traffic so you can't ping/trace any
ip within that block. If you have access to IP chains of IP tables
block that range in there that's a lot better...then having your webserver to deal with it.

DynaMite

Wow because I did try to ping the IP address and it came up not returning some TTL.

So if I block out the entire range it should knock them out?
Still its weird that one IP getting through... and no other IP's withing that small range showing.

[ServerGenius]

if that IP is a firewall all traffic from behind that ip can appear to come from that IP....it all depends on their setup.

I did a traceroute on that IP it stops with a router from that another class within that netblock...I looked up the netblock
at the ripe whois database....

it can be a firewall, a proxy, or just a host....all I can see is that either a router or firewall is dropping ICMP traffic that's why you get the expire ttl message....

Blocking that whole netblock would be my first try if I would not
have access to ipchains

DynaMite

[ServerGenius]

Afterall it's not that hard using php to force fake headers for a http request.....

DynaMite

[ServerGenius]

I assume you have it solved....I can go to bed now

DynaMite

[Plat]

Yes I read about sending fake headers and am trying figure out the proper code. Anyone know the PHP code for this?

Maybe i am just a poon and this is forcing a fake header but I doubt it.

My current php file looks like this

<?php

Header("Location:http://www.domain.com/cgi-bin/ucj/c.cgi?url=$url&link=$link&p=$p");
exit;

?>

[TheFLY]

I like this thread ;) let us know if you were finally able to stop this IP!

[Za Ha]

Hey Plat do you ever write back on icq?

61294953

[ServerGenius]

I just woke up again.....did you solve it?

DynaMite

[Plat]

shit he's back again 193.136.33.209

I even tried the 193.136.33.0/24 method that is in .htaccess right as I speak. Still no go.

How do I force headers using php?

[ServerGenius]

193.136.32.0 - 193.136.39.255 deny all those nets

deny from 193.136.32.0/24
deny from 193.136.33.0/24
deny from 193.136.34.0/24
deny from 193.136.35.0/24
deny from 193.136.36.0/24

Then you have that whole netblock banned...that will work!

DynaMite

[Plat]

K this is freaky.. im denying all those netblocks and it is still getting through!!!