Looking for a bit of advice. First, no where on my site is there a subdirectory called /admin or phpmyadmin or any of the dozen or so attempted hackings I find in my Apache logs. If you've forgotten_password - email me because that file doesn't exist. Anyhow, in my htaccess file - RewriteCond %{REQUEST_URI} /admin/* [OR] etc etc etc -> attempted_hack.php. I then get the incoming IP and add "deny from $IP" to my htaccess file. - along with l.e.t u.s c o u n t to 100 ... slowly.... or I do a meta refresh -> ripe.net/admin/... (etc) I'm starting to get somewhat of a collection of deny entries. So? is that worth while? or does it just make me feel a bit better? And is there something else I can? Like: send 500k of random chars in a base64'ed file (zipped) (oooh look maybe some data I can get something out of) Thanks
Try http://www.wizcrafts.net/ Add a few of their lists to your .htaccess file and it'll cut down a lot of hacking attempts.