: Trigger IP ban based on request of given file? I run a website where "x.php" was known to have vulnerabilities. The vulnerability has been fixed and I don't have "x.php" on my site anymore.
I run a website where "x.php" was known to have vulnerabilities. The vulnerability has been fixed and I don't have "x.php" on my site anymore.
As such with major public vulnerabilities, it seems script kiddies around are running tools that hitting my site looking for "x.php" in the entire structure of the site - constantly, 24/7.
This is wasted bandwidth, traffic and load that I don't really need.
Is there a way to trigger a time-based (or permanent) ban to an IP address that tries to access "x.php" anywhere on my site?
Perhaps I need a custom 404 PHP page that captures the fact that the request was for "x.php" and then that triggers the ban? How can I do that?
Thanks!
EDIT:
I should add that part of hardening my site, I've started using ZBBlock:
This php security script is designed
to detect certain behaviors
detrimental to websites, or known bad
addresses attempting to access your
site. It then will send the bad robot
(usually) or hacker an authentic 403
FORBIDDEN page with a description of
what the problem was. If the attacker
persists, then they will be served up
a permanently reccurring 503 OVERLOAD
message with a 24 hour timeout.
But ZBBlock doesn't do quite exactly what I want to do, it does help with other spam/script/hack blocking.
More posts by @Kristi941
2 Comments
Sorted by latest first Latest Oldest Best
The PHP code that John Conde posted does not work. It replaces the entire .htaccess file as an undesirable result. The PHP below would be a good replacement for his PHP and I have tested it.
<?php
$ipdeny = 'deny from ' . $_SERVER['REMOTE_ADDR'];
file_put_contents('.htaccess', $ipdeny . PHP_EOL, FILE_APPEND);
?>
Recreate x.php and have it collect the IP address of anyone trying to reaching it. Then create (or modify) a .htaccess file that blocks them using Apache. The .htaccess file will look like this:
order deny,allow
deny from 123.123.123.123
deny from 255.255.255.255
Just keep appending to that file any IP address you want banned.
The x.php might look like this: (untested)
<?php
$fp = fopen('.htaccess', 'a');
fwrite($fp, 'deny from ' . $_SERVER['REMOTE_ADDR'] . "n");
fclose($fp);
?>
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.