Blocking full IP range in htaccess file - .htaccess

I have a problem, get all this spam login attempts, have edited htaccess to try to block the IP group, but seems to go through anyway, anyone can tell me what to correct?
Ex, I want to block all from 141.101.xxx.xxx
Ex, attempt from 141.101.98.0 came through with the below in htaccess file.
Have tried removing .0 but that makes a 500 error....
Order Allow,Deny
Allow from all
Deny from 173.245.0
Deny from 162.158.0
Deny from 141.101.0
Deny from 108.162.0
thanks for all help :)
rgs
Stig

When I am stuck with .htacces I use this handbook. I know it's not a solution but it might help others.

Related

using .htaccess to deny an IP address

So i have everything set up correctly.
By default allow all access
order deny,allow
deny from all
allow from 192.111.0.11
my public ip: 2600:8801:db06:3a00:c85b:516d:5dc1:7f7d
Your public IP address
When i set my ip address from work... everything is fine.. but when i try and do my home network.. cox.. it doesn't work and it keeps telling me i don't have authorization to view the page... exactly what it should do if it was the wrong IP.
Sorry for the stupid question.. this is bugging me.
Any help would be greatly appreciated. Thank you.
Try this:
Order Deny,Allow
Deny from all
Allow from 192.111.0.11
Allow from 2600:8801:db06:3a00:c85b:516d:5dc1:7f7d

What is this file in .htaccess?

I am realy wonder why in .htaccess has those code bellow, can tell me what is this code?
<Files 403.shtml>
order allow, deny
allow from all
</Files>
deny from 212.92.53.18
It is not definitely malware.
At least, not in the sense it's intended for malicious reasons...
In the case you are using cpanel and you have used its IP Deny Manager to block access to 212.92.53.18 then this will automatically be written to your .htaccess file with the intended purpose of blocking that IP (and any others you may wish to enter):
<Files 403.shtml>
order allow, deny
allow from all
</Files>
deny from 212.92.53.18
Do you use cpanel and if so, do you remember doing that?
Allowing the 403 to All simply prevents a loop. If you block an IP using the 'deny from' method, then serving of the 403 to that IP would also get blocked, creating a loop. Allowing the specific 403 file to ALL, will override the block -- of serving the 403 to that specific IP -- that otherwise would have occurred. That prevents a loop.
<Files 403.shtml>
order allow, deny
allow from all
</Files>
I used it myself on an old domain. It simply says "allow anyone to access the file named 403.shtml"; which is the forbidden access error. Of course, you would use this usually if you created a custom 403.shtml page.
The denied IP in this case would not see the custom 403.shtml and instead would get a White-screen-of-death.
So this is not, in any way shape or form, malware related.
UPDATE: This answer was based on speculation using the facts provided when it was originally posted. The overall consensus seems to be this modification of the .htaccess file is most likely the result of using server management software such as CPanel so it’s not—on its own—an indication of malware infection.
The contents of that .htaccess are a bit odd.
<Files 403.shtml>
order allow, deny
allow from all
</Files>
deny from 212.92.53.18
The <Files 403.shtml> part refers to the 403.shtml file and it seems to be allowing a custom 403: Forbidden response (assumption based on file naming) .shtml file to be sent. The order allow, deny and related allow from all explain it to me. It seems like the site is blocking all traffic in some way but wants that 403.shtml to come through?
But the deny from 212.92.53.18 is quite specific & odd as a result. That is basically blocking any/all access from 212.92.53.18.
Now typing that out it seems like the .htaccess is set to explicitly deny access from address 212.92.53.18 which would send a 403 response code, and the <Files 403.shtml> allows the actual 403: Forbidden htaccess page to be sent?
But still, it seems odd for a directive to block traffic from one single IP address would be in an .htaccess file like that.
EDIT: Did a Google search for <Files 403.shtml>—because if you know Apache configs, that is a highly odd directive—and it seems like this might be part of some malware? Look at this page as well as this page and this other page.
Seems like this is part of a definite XSS backdoor? Perhaps the .htaccess is in a malware directory, and the deny from 212.92.53.18 is denying the infected server from accessing itself?
ANOTHER EDIT: Okay, putting on my thinking cap—as well as personal experience with web malware—and looking at the specificity of the deny from 212.92.53.18 I think I know what the deal is. This is part of a malware infection. But I bet that 212.92.53.18 is a node on a bonnet because you can curl -I it & visit it in a browser & it seems to be an active server. Most client IP addresses just won’t do that; who has a web server exposed on a basic ISP connection, right? Unless the machine is infected. So the 403.shtml is not actually a real 403: Forbidden page but actually part of the malware. Meaning, a connection being made FROM 212.92.53.18 would trigger 403.shtml—which is a server side include HTML file—that could be used for unauthorized access. I mean, when has anyone in 2014 last seen active .shtml files on legit servers, right? It’s all PHP, Python, Java or Ruby nowadays.
This?
<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from xx.xx.xx.xx
Hacker? Backdoor? Malware? Ukraninian DOS attack?
Of course it IS NOT. It's nothing of the sort.
It is automatically generated by cPanel, when the "IP Blocker" is used.
cPanel writes it to your .htaccess file
The 'deny from' is simply the IP specified when using the cPanel IP Blocker tool. cPanel is clever enough to know a little more is needed than just a simple 'deny' IP4 entry.
Probably it's terrorific hack and malware. Ukraine/Russian/Indonesian hackers. On july 2016 they have attacked a lot of sites with Prestashop with a vulnerability on image file uploads. They upload that 403.shtml to the root and then they destroy the server and files. I have checked that my web is on their web page that inform hacked websites. They block some nights your access to the web with a DDOS attack to get the pass of mysql and ftp. In prestashop you have to upload urgent to 1.6.1.16 or upload some protection files. Unfortunately, I have do that, but they don't stop and try again blocking my webshop.
The only another option is that you put block ip on cpanel, but the trick is what Giacomo1968 says in their answer. Congratulations.

.htaccess: how to deny access to all except by me for specific folder

i want an exclusive access in my administration folder and i tried this code (in an .htaccess file inside admin folder):
order allow,deny
allow from m.y.i.p
deny from all
tried also this:
order deny,allow
deny from all
allow from m.y.i.p
and this:
order deny,allow
allow from m.y.i.p
deny from all
but anytime server gives me this response:
403 Forbidden
Forbidden
You don't have permission to access /provo/prova/ on this server.
how can i solve this issue? i have a switch connected to the router/modem and i take my ip address from this site http://whatismyipaddress.com/
thanks.
This worked for me:
Order deny,allow
deny from all
allow from m.y.i.p
However, since you've already tried it, you need to make sure that's the IP the webserver is seeing. Look at the access logs right after you load a page to see what IP got logged.
Other than that, make sure that you've put these in the right place. Either the htaccess file in the directory you want to protect, or in a <Directory> block in your server/vhost config.
Prob not the answer you're looking for but:
If you're using cPanel .. it's really easy to do it from there.
It involves making a passwords file. I never remember the exact way cause I always get cPanel to do it for me.
I would only do it by IP if you have been given a static IP from your ISP... otherwise this could change.
Use .htpasswd. It's a bit more resilient than just using an IP address.

How could I redirect or deny users from a particular country with my htaccess file?

I looked at countryipblocks.net, and need to clarify...
If I want to block users from, say, Andorra from visiting my site, what exactly needs to be added to my (already existing) .htaccess file?
Do I need to simply add this block of text to my .htaccess?
<Limit GET HEAD POST>
order allow,deny
deny from 85.94.160.0/19
deny from 91.187.64.0/19
deny from 194.117.123.178/32
deny from 194.158.64.0/19
deny from 195.112.181.196/32
deny from 195.112.181.247/32
allow from all
</LIMIT>
On the other hand, if I want to redirect users from, say, Croatia, from http://mywebsite.com to http://google.com or a landing page, what exactly needs to be added to my .htaccess file?
Finally - how would "deny" appear to the user being denied access?
Thanks.
Visitors who are within a IP range that is banned by deny will be served with a 403 error. If you want to them to see a nice page, instead of the standard Apache error, then you will need something like
ErrorDocument 403 /errors/403.html
in your .htaccess file. It is fairly easy to check rules based on IP addresses are working in your .htaccess by setting the blocked IP to be 127.0.0.1 (i.e. localhost); when you then look at the page in question on localhost, you should see the result of the page being blocked.
In answer to your question about redirecting users, blocking all users from any 1 country seems a little bit overkill; however, try reading up on the RewriteCond directive.

Block Range of IPs

I'm trying to block a range of IPs from visiting my website
Here is what I have in my .htaccess file
order allow,deny
Deny from 64.244.0.0/64.245.255.255
Deny from 64.244.0.0/15
allow from all
I'd like to know if anyone can tell (or estimate) me how many IPs have i blocked there?
I believe the first DENY FROM is just wrong. I've always seen it this way
64.244.0.0/15
Base Address^ ^Number of bits to use for subnet
This would mean that you have 2^15 addresses in the deny block.
Edit
Using the comments below, what you would want is
ORDER deny,allow
DENY from 64.244.0.0/15
ALLOW from all

Resources