Hi all This IP is comsuming all my resources by using my site's contact form till exaustion. 195.189.142.200 Maybe its just a script that is pulling same s##t over and over again. But this IP is Number one in Awstats and i never saw him there till 1-2 days ago. Funny thing IP its from eastern europe or similar Asdrovnia? he he How can i stop this moron through CPanel in a way i dont have to deal again with him?
Thanks Richie, just did that in and it's over (for now). Is there a way to block a particular country? Let's say, Japan? I know i can get all IP range etc but is there a faster click-done way?
Do you mean like http://www.blockacountry.com/? Remember, new IP blocks are allocated all the time, so it not a simple as a one-click method. Jay
I see a more serious issue than your resources being consumed. It looks like a spammer is using your contact form to send spam all over the Internet from your website. And as it's sent from your website people will hold you liable for this and you will probably end up blacklisted on several mail servers. It is important to figure out what exactly that person was doing with your contact form, and to fix it if it is possible to use it to spam.
Well... I have no idea how your form is made. If you made it yourself, try to think how you could change the destination e-mail address. If you got it somewhere, try to see if there is a known vulnerability for this form. Using a contact form to send spam is very common, I regularly see attempts to check my server for vulnerable contact forms in my httpd logs.
Guys, i was using an old version of Form2mail, and just saw there is a new version (hack free) another issue confusing me: how come i blocked some IP's (ip deny manager) and they keep popping up in my stats? ? ?
If you are denying them using a .htaccess file then the requests will still be logged but it should be logging the different response code it sent them. Most often, you will be sending a "403 Forbidden" instead of a "200 OK" response. In Apache's standard logging format, the response code is the first number after the request string (which looks like "GET /index.php")