Mobile app version of vmapp.org
Login or Join
Kristi941

: Trigger IP ban based on request of given file? I run a website where "x.php" was known to have vulnerabilities. The vulnerability has been fixed and I don't have "x.php" on my site anymore.

@Kristi941

Posted in: #Htaccess #IpAddress #Security

I run a website where "x.php" was known to have vulnerabilities. The vulnerability has been fixed and I don't have "x.php" on my site anymore.

As such with major public vulnerabilities, it seems script kiddies around are running tools that hitting my site looking for "x.php" in the entire structure of the site - constantly, 24/7.

This is wasted bandwidth, traffic and load that I don't really need.

Is there a way to trigger a time-based (or permanent) ban to an IP address that tries to access "x.php" anywhere on my site?

Perhaps I need a custom 404 PHP page that captures the fact that the request was for "x.php" and then that triggers the ban? How can I do that?

Thanks!

EDIT:

I should add that part of hardening my site, I've started using ZBBlock:


This php security script is designed
to detect certain behaviors
detrimental to websites, or known bad
addresses attempting to access your
site. It then will send the bad robot
(usually) or hacker an authentic 403
FORBIDDEN page with a description of
what the problem was. If the attacker
persists, then they will be served up
a permanently reccurring 503 OVERLOAD
message with a 24 hour timeout.


But ZBBlock doesn't do quite exactly what I want to do, it does help with other spam/script/hack blocking.

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Kristi941

2 Comments

Sorted by latest first Latest Oldest Best

 

@Barnes591

The PHP code that John Conde posted does not work. It replaces the entire .htaccess file as an undesirable result. The PHP below would be a good replacement for his PHP and I have tested it.

<?php
$ipdeny = 'deny from ' . $_SERVER['REMOTE_ADDR'];
file_put_contents('.htaccess', $ipdeny . PHP_EOL, FILE_APPEND);
?>

10% popularity Vote Up Vote Down


 

@Pope3001725

Recreate x.php and have it collect the IP address of anyone trying to reaching it. Then create (or modify) a .htaccess file that blocks them using Apache. The .htaccess file will look like this:

order deny,allow
deny from 123.123.123.123
deny from 255.255.255.255


Just keep appending to that file any IP address you want banned.

The x.php might look like this: (untested)

<?php
$fp = fopen('.htaccess', 'a');
fwrite($fp, 'deny from ' . $_SERVER['REMOTE_ADDR'] . "n");
fclose($fp);
?>

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme