It has been a real fight for me and getting hacked. I have fixed my script so the hackers can't get in now however I want them to stop completely. I have come up with this .htaccess config. Seems to work good. I just want to make sure I'm not blocking anything other then whats in there. order allow,deny deny from .bezeqint.net deny from wz.zj.cn deny from 203.162. deny from .net.vn deny from .com.vn deny from .net.qa deny from proxy. deny from proxy.*.*.* deny from .xunta.es deny from 82.71.0.0/82.71.63.255 deny from 217.20. deny from 210.22. deny from 87.236. deny from 89.149. deny from 203.162. deny from source: RIPE # Filtered allow from all RewriteEngine on RewriteCond %{HTTP:VIA} !^$ [OR] RewriteCond %{HTTP:FORWARDED} !^$ [OR] RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR] RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR] RewriteCond %{HTTPROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR] RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$ RewriteRule ^(.*)$ - [F]