How do you block an IP if it is spoofed?
 

I'm getting loads of shit hitbot/leech traffic from

n167068.ap.plala.or.jp
219.165.167.68

This is obviously BS information because I've blocked this ip in my htaccess and the shit is still comming in.


Any ideas?

Use ipfw (if you're running fbsd) or some sort of firewall tool and just drop the ip. see if you still get hits from it. If you're running FreeBSD i can give you some rules to ensure non spoofing ips only connect to your machine.

Is there a way to find out and block it in htaccess?

I have no idea what is, but its saying one of my other sites is sending hundreds of raw hits per hour to another one of my sites.

On the site supposedly sending these hits, there is nothing funny looking in the trade admin at all.

:helpme

you can ignore it with HTAcccess... or even redirect it.... it's somewhere in the "Deny" section.... I'd need to look the correct syntax up.

i'm all ears.

right now i have

order deny,allow
deny from 219.165.167.68
allow from all

and i'm still getting the shit.

Thats not spoofed :1orglaugh

When you start getting hits from...

6.6.6.6

and

1.3.3.7

Thats a spoof bot/attack :thumbsup

Even if you "block" an ip in htaccess, the request will still go into the logs. If it is properly blocked, the response code should be something like 403 instead of 200.