So The Canadian Finance Site has been under attack for a long time from various nasty folks out there, however, I now have finally at least figured out how to identify who (or some of who) are doing this.
The easiest way to stop these attacks is by updating the .htaccess file for the site and add the following code snippet:
## IP-ABUSE-LOOKUP Order Allow,Deny Allow from All Deny from 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 Deny from 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 Deny from 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 Deny from 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 Deny from 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 Deny from 22.214.171.124 Deny from 126.96.36.199 Deny from 188.8.131.52 Deny from 184.108.40.206 Deny from 220.127.116.11
This is an example of my current .htaccess file, and I keep adding addresses as I sort out who is attacking my site. I learned about this file from my Hosting Service Provider Dreamhost, so thanks to them.
There is a very useful plug in called Redirection which I first installed to help me with my “resurrect the dead” program (I’ll write about that here at a later date). I installed it, but it also logs “odd” access to your site, and from those logs I have collected IP addresses of very questionable attack sites. I suppose I should reverse look up the addresses to see if they are legitimate, but I can’t be bothered right now.
This is only a partial list, I have added many more IP addresses, and currently I use Filezilla to FTP the .htaccess file from my site, edit it on my PC (adding new addresses) and then putting the new .htaccess file back on my site. If your Service Provider offers an easier way to do this, I would strongly suggest using it.
This hasn’t stopped my site from getting pounded, but it can’t hurt either.