Use iptables instead, thats what I use...mainly because I dunno how to use .htaccess but I heard iptables is more efficient anyway lol.
the htaccess method mentioned below is perfect if you have NO access to server admin iptables usually only is accessible if you are lucky root server owner the syntax for iptables usage would be iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP replace xxx.xxx.xxx.xxx with the IP you want to block iptables is more resource efficient - while htaccess still uses apache to deny access. a full example would be a mail-spammer on my server iptables -A INPUT -s 209.9.148.130 -j DROP if your IP belongs to a network that has several IPs abusing your site and NO real visitors originating then instead of the single IP to block you may want to block an entire netmask ( subnet ) a real example would be a repeated hacker attempt from 66.135.34.160 hosted at ServerBeach Texas - apparently a hosting company paying little or no attention to their hosted sites cleanliness - hence I blocked an entire IP-range iptables -A INPUT -s 66.135.32.0/20 -j DROP the range to block is found by 1. finding the network range to block using whois 66.135.34.160 resulting in NetRange: 66.135.32.0 - 66.135.47.255 and then finding the netmask to enter after the / in your iptables filter line using the online subnet mask info found at http://xtronics.com/reference/ip-subnetmasks.htm
This should help...put this in your .htaccess: # allow all except those indicated here <Files *> order allow,deny allow from all deny from 12.345.67.890 deny from .*domain\.com.* </Files> You can find more info on .htaccess and IP blocking.
Well basic iptables is much more complex than that. And full iptables is very much more than much more . Anyway you can add custom rules that in the same time can allow acces to one host to some services and dissalow it to others. There is alot of iptables excellent documentation out there. But then again if you are not the server owner .htaccess is just as good. P.S.: that doesnt apply for synacc requests and or DoS/DDoS attacks. You might need to ask your hosting provider or as is the case uplink ISP or even go to the closest border router to add in depth filtering on IP or IP's ranges/netblocks.
hello, I new little about how to block ip ....and the information in this thread is pretty good... I have a query regarding the ip of a site..... if there are 10 sites from the same ip....... how the site's are judged by google.......please let me know about this ...
The best way to block ip addresses is using a firewall. Look for blocks of IPs and ban it. Use CSF or APF firewall see this tutorial
The easiest way shoule be add this ip address into /etc/hosts.deny, then all services that have tcpwappers integrated will be unavailable to this address.
Definitely block the ip from your firewall level that way it will be blocked 24/7 and at your closest entrance to your network. If you are using iptables, firewall software, router firewall, etc... make sure you use a DROP rule. It's more effective if the target is doing a scan on you, they will most likely believe your site is down instead of any other type of blocking.
from your web hosting control panel you ought to be able to block by IP number. this has nothing to do with your local firewall unless youre hosting the files from your own server.