htaccess file help please

Discussion in 'HTML' started by Mark Shapiro, Mar 4, 2011.

  1. Mark Shapiro

    Mark Shapiro Guest

    Is it appropriate to ask for help about a simple
    htaccess question here? I have a spammer always
    trying to flood/hack my site, and it's from one
    IP adresss in Russia. I looked on the web and
    found examples, oh I will just go ask:

    Options +FollowSymlinks
    RewriteEngine on

    rewritecond %{http_host} ^JudgmentBuy.com$ [nc]
    rewriterule ^(.*)$ http://www.JudgmentBuy.com/$1 [r=301,nc]

    order allow,deny
    deny from 91.201.66.76
    allow from all



    --- any glaring errors?
     
    Mark Shapiro, Mar 4, 2011
    #1
    1. Advertising

  2. Mark Shapiro

    Doug Miller Guest

    In article <1jxldva.qpod0s1o38d1oN%>, (Mark Shapiro) wrote:
    >Is it appropriate to ask for help about a simple
    >htaccess question here?


    You're more likely to get useful advice if you post in
    alt.apache.configuration

    > I have a spammer always
    >trying to flood/hack my site, and it's from one
    >IP adresss in Russia. I looked on the web and
    >found examples, oh I will just go ask:
    >
    >Options +FollowSymlinks
    >RewriteEngine on
    >
    >rewritecond %{http_host} ^JudgmentBuy.com$ [nc]
    >rewriterule ^(.*)$ http://www.JudgmentBuy.com/$1 [r=301,nc]
    >
    >order allow,deny
    >deny from 91.201.66.76
    >allow from all
    >
    >
    >
    >--- any glaring errors?
     
    Doug Miller, Mar 4, 2011
    #2
    1. Advertising

  3. Evan Platt wrote:

    > (Mark Shapiro) wrote:
    >> Is it appropriate to ask for help about a simple htaccess question
    >> here? I have a spammer always trying to flood/hack my site, and
    >> it's from one IP adresss in Russia. I looked on the web and found
    >> examples, oh I will just go ask:

    >
    > Certainly your firewall would be a better place to block the spammer
    > at.


    ...unless it is a shared hosting server. Then .htaccess would be the
    better place.

    --
    -bts
    -Four wheels carry the body; two wheels move the soul
     
    Beauregard T. Shagnasty, Mar 4, 2011
    #3
  4. On 04/03/11 14:26, Mark Shapiro wrote:

    > --- any glaring errors?


    The directives that you can use in an .htaccess file depend on the
    allowoveride settings for the directory concerned in the apache config
    for the [virtual] server concerned.

    Afair you need at least "limit" to use allow / deny / order in an .htaccess.

    You might want to ask your hosting company.

    If it's your own server, editing the apache config for the [virtual]
    server concerned is the recommended approach for such things.

    Rgds

    Denis McMahon
     
    Denis McMahon, Mar 4, 2011
    #4
  5. Mark Shapiro

    Mark Shapiro Guest

    > You might want to ask your hosting company.
    > If it's your own server, editing the apache config for the [virtual]
    > server concerned is the recommended approach for such things.


    Thank you much. I have contacted the hosting company, as it's a shared
    hosting site.
     
    Mark Shapiro, Mar 5, 2011
    #5
  6. Mark Shapiro

    Mark Shapiro Guest

    Mark Shapiro <> wrote:

    > > You might want to ask your hosting company.
    > > If it's your own server, editing the apache config for the [virtual]
    > > server concerned is the recommended approach for such things.

    >
    > Thank you much. I have contacted the hosting company, as it's a shared
    > hosting site.


    Well, my ISP said that since I was on a shared hosting server,
    the spammer uses the system's CGI script, so my htaccess file
    was being ignored. They said I could (4 times the price)
    upgrade my account to move the mail cgi script to my home
    directory. Oh well.
     
    Mark Shapiro, Mar 8, 2011
    #6
  7. Mark Shapiro wrote:

    > Well, my ISP said that since I was on a shared hosting server,
    > the spammer uses the system's CGI script, so my htaccess file
    > was being ignored. They said I could (4 times the price)
    > upgrade my account to move the mail cgi script to my home
    > directory. Oh well.


    Change your ISP. There are plenty out there that allow you to have your
    own CGI scripts on the cheap. I use to use FatCow when I could use
    shared hosting which like others in its class allow for your own user
    cgi-bin. I like them, but had to move to a VPS solution to satisfy PCI
    Compliance...

    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
     
    Jonathan N. Little, Mar 8, 2011
    #7
  8. Mark Shapiro wrote:

    > Mark Shapiro <> wrote:
    >> Thank you much. I have contacted the hosting company, as it's a
    >> shared hosting site.

    >
    > Well, my ISP said that since I was on a shared hosting server,


    Hmm? Your ISP is the 'pipe' by which you personally connect to the
    Internet. DSL/cable/dialup. Who is your *web hosting company?*

    > the spammer uses the system's CGI script,


    So there is an insecure script at your web site. You should fix that.

    > so my htaccess file was being ignored. They


    Your ISP?

    > said I could (4 times the price) upgrade my account to move the mail
    > cgi script to my home directory. Oh well.


    Run away fast.

    --
    -bts
    -Four wheels carry the body; two wheels move the soul
     
    Beauregard T. Shagnasty, Mar 8, 2011
    #8
  9. Mark Shapiro

    Mark Shapiro Guest


    > > the spammer uses the system's CGI script,

    >
    > So there is an insecure script at your web site. You should fix that.
    >
    > > so my htaccess file was being ignored. They

    >
    > Your ISP?
    >
    > > said I could (4 times the price) upgrade my account to move the mail
    > > cgi script to my home directory. Oh well.

    >
    > Run away fast.


    Pair.com - they are very reliable. $8 a month,
     
    Mark Shapiro, Mar 8, 2011
    #9
  10. Mark Shapiro wrote:
    >
    >>> the spammer uses the system's CGI script,

    >>
    >> So there is an insecure script at your web site. You should fix that.
    >>
    >>> so my htaccess file was being ignored. They

    >>
    >> Your ISP?
    >>
    >>> said I could (4 times the price) upgrade my account to move the mail
    >>> cgi script to my home directory. Oh well.

    >>
    >> Run away fast.

    >
    > Pair.com - they are very reliable. $8 a month,


    Not very reliable if their mail cgi script you have to use is
    hackable... Many other fish in the sea. Checked on my old hosting co.

    http://www.fatcow.com/

    They dropped the price since I used them, now $78 which works out $6.50
    a month, and you have your own cgi-bin... They are not alone, I hear
    Bluehost, 1&1 are good...

    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
     
    Jonathan N. Little, Mar 8, 2011
    #10
  11. On 08/03/11 04:47, Mark Shapiro wrote:
    >
    >>> the spammer uses the system's CGI script,

    >>
    >> So there is an insecure script at your web site. You should fix that.
    >>
    >>> so my htaccess file was being ignored. They

    >>
    >> Your ISP?
    >>
    >>> said I could (4 times the price) upgrade my account to move the mail
    >>> cgi script to my home directory. Oh well.

    >>
    >> Run away fast.

    >
    > Pair.com - they are very reliable. $8 a month,


    1) Like I said before, any directives you add to .htaccess will only
    work if they are allowed by the site config. If they're not allowed,
    your site might just generate 500 errors to all visitors if there's an
    unrecognised / not permitted directive in the .htaccess.

    2) Someone at your hosting company is giving you bad information if they
    say "your .htaccess is being ignored because the mail script is a system
    wide cgi". Either he means they don't support .htaccess, or the person
    who spoke to you doesn't understand what he's talking about. The
    mailform cgi will be accessed through a symlink that you can control
    with the .htaccess if .htaccess is supported (it may not be).

    3) Try the following in your .htaccess

    order allow deny
    deny from 91.201.66.76
    allow from all

    If it doesn't stop the spammer, then either the server is set up without
    "AllowOverride limit" for your <directory> section, or although he's
    spamming you, he's not actually doing it by accessing the cgi through
    your website (even if he's accessing the cgi on your server).

    Can you clarify the nature of the spamming? Is he sending spam to you,
    or sending spam to other people that seems to come from your website? Do
    you have examples of spams with all headers that we could perhaps look
    at to analyse? (Don't post them here)

    Rgds

    Denis McMahon
     
    Denis McMahon, Mar 8, 2011
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tigger
    Replies:
    3
    Views:
    504
    kayodeok
    Jan 26, 2004
  2. draphael

    .htaccess for file extensions?

    draphael, Oct 30, 2005, in forum: HTML
    Replies:
    2
    Views:
    384
    draphael
    Oct 30, 2005
  3. KK
    Replies:
    2
    Views:
    594
    Big Brian
    Oct 14, 2003
  4. Nospam
    Replies:
    3
    Views:
    715
    David Dorward
    Aug 15, 2006
  5. BusyGuy

    .htaccess question please

    BusyGuy, Sep 21, 2006, in forum: HTML
    Replies:
    6
    Views:
    511
    Jukka K. Korpela
    Sep 23, 2006
Loading...

Share This Page