Hey, I found this on the net and wanted to share this with you all:

Lately, it seems DDOS attacks have become a more popular way for a tech savvy customer or competitor to attempt a bit of revenge. I've consulted on several emergency projects within the past month in which a client's server - web sites creating sales of over $100,000 per day - were brought down for hours or days due to DDOS attacks that are easily mitigated with the proper techniques.
Distributed denial of service or "DDOS" attacks are quite common. Larger companies with hefty CPUs and server bandwidth often notice it only as a spike in hits. Small businesses notice it when their site goes offline, email stops coming in, and revenue comes to a screeching halt!
Here are some of the basic Linux security tools & techniques I use to help clients bring their servers back online.
An effective .htaccess file is the fastest and most direct approach to mitigating DDOS attacks. It is important to browse to your server after editing your .htaccess file as any mistake in syntax can cause a 500 error for everyone attempting to access your site.
Here is the template .htaccess file I use:

Code: 
 
# BEGIN .HTACCESS FILE
# The following lines use the Apache mod_rewrite module to redirect certain web queries to where you want them to go. This is an effective security tool as well as great for the user experience in many cases. If you are using lighttpd or are not using mod_rewrite with Apache the below "rewrite" lines do nothing.
 
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
 
# Example Redirects
# Redirect /this-is-the-shortcut http://yourdomainhere.com/whatever/long-URL/you-want-to-redirect-to/with-that-shortcut-goes-here
# Redirect /myaccount http://yourdomainhere.com/memberaccounts/accountlogin.php
# It is important for server performance to order your .htaccess "deny from" and "allow from" statements with deny first, then allow after all of the deny directives.
 
order deny,allow
# The following regional blacklists are from http://www.wizcrafts.net/russian-blocklist.html as of 1-14-2010
# Nigerian/African 419 Scammers IP addresses follow:
deny from 12.166.96.32/27 41.138.160.0/19 41.184.0.0/16 41.189.0.0/19 41.189.32.0/19 41.190.88.0/22 41.191.84.0/22 41.191.108.0/22 41.194.52.0/22 41.202.0.0/17 41.202.128.0/19 41.202.192.0/19 41.203.96.0/19 41.203.224.0/20 41.204.0.0/17 41.204.128.0/18 41.204.224.0/19 41.205.0.0/19 41.205.64.0/19 41.205.160.0/19 41.207.0.0/19 41.207.160.0/19 41.207.192.0/19 41.208.48.0/23 41.208.128.0/18 41.210.0.0/18 41.210.192.0/18 41.211.0.0/19 41.211.192.0/18 41.214.0.0/17 41.215.160.0/20 41.217.0.0/17 41.218.192.0/18 41.219.128.0/17 41.220.0.0/16 41.221.160.0/20 41.222.0.0/21 41.222.24.0/21 41.222.40.0/21 41.222.64.0/21 41.222.192.0/22 41.223.24.0/22 41.223.64.0/22 41.223.248.0/22 41.248.0.0/16 41.250.0.0/16 61.11.230.112/29 62.56.128.0/17 62.56.235.0/24 62.56.236.0/24 62.56.244.0/22 62.56.248.0/24 62.128.160.0/20 62.173.32.0/19 62.192.128.0/19 62.192.140.250 62.193.160.0/19 63.70.178.0/24 63.73.58.0/24 63.100.193.0/24 63.103.138.0/24 63.103.139.64/26 63.103.140.0/22 63.109.245.168/29 63.109.247.0/24 63.109.248.128/25 63.122.154.0/24 64.14.48.128/26 62.24.96.0/19 64.86.155.0/24 64.86.210.0/23 64.110.30.0/24 64.110.31.0/24 64.110.64.16/28 64.110.76.0/23 64.110.81.0/24 64.110.93.16/28 64.110.93.176/28 64.110.147.0/24 64.201.33.0/24 65.120.56.0/21 65.209.91.0/24 65.209.92.0/24 66.18.64.0/19 66.110.31.0/24 66.178.0.0/17 66.199.241.82 66.205.20.0/24
deny from 77.70.128.0/24 77.70.129.0/26 77.70.137.0/25 77.70.138.0/23 77.73.184.0/21 77.220.0.0/20 78.138.2.0/24 78.138.3.200/29 78.138.3.208/28 78.138.3.224/28 78.138.8.8/29 78.138.32.32/27 78.138.33.144/29 80.78.16.168/29 80.78.16.176/28 80.78.16.192/28 80.78.17.0/24 80.78.18.88/29 80.78.18.96/27 80.78.18.128/29 80.78.19.16/29 80.78.19.104/29 80.78.19.112/28 80.78.23.16/28 80.87.64.0/19 80.88.128.0/20 80.88.129.0/24 80.88.130.0/24 80.88.131.0/24 80.88.132.0/26 80.88.132.64/27 80.88.132.104/29 80.88.132.128/26 80.88.132.192/27 80.88.132.224/28 80.88.132.240/29 80.88.133.0/25 80.88.134.0/26 80.88.134.64/29 80.88.135.0/24 80.88.136.0/24 80.88.137.0/24 80.88.138.0/25 80.88.138.128/26 80.88.138.192/27 80.88.139.0/25 80.88.139.128/26 80.88.139.192/27 80.88.139.224/28 80.88.140.0/24 80.88.141.0/25 80.88.141.128/27 80.88.142.0/24 80.88.143.128/24 80.88.144.0/23 80.88.146.0/24 80.88.147.0/24 80.88.148.0/24 80.88.149.0/25 80.88.149.128/26 80.88.149.192/28 80.88.150.0/24 80.88.151.0/24 80.88.152.0/24 80.88.153.0/24 80.88.154.32/27 80.88.154.72/29 80.88.154.80/29 80.88.154.96/28 80.88.155.0/25 80.88.155.128/27 80.88.155.160/29 80.89.176.0/24
deny from 80.179.102.0/24 80.179.107.64/27 80.179.107.224/29 80.179.128.0/17 80.231.4.0/23 80.240.192.0/20 80.247.136.0/24 80.247.137.0/24 80.247.141.32/27 80.247.141.64/26 80.247.141.128/25 80.247.142.0/24 80.247.147.16/28 80.247.147.32/29 80.247.147.64/27 80.247.147.96/28 80.247.151.0/24 80.247.153.0/24 80.247.156.0/26 80.247.156.128/28 80.247.157.0/24 80.247.159.0/24 80.248.0.0/20 80.248.64.0/23 80.248.70.0/20 80.248.64.0/20 80.250.32.0/20 80.255.40.48/28 80.255.40.96/29 80.255.40.112/28 80.255.40.128/28 80.255.40.192/28 80.255.40.224/27 80.255.40.240/28 80.255.41.160/28 80.255.43.0/24 80.255.46.0/29 80.255.46.16/28 80.255.46.64/29 80.255.58.160/27 80.255.58.192/26 80.255.59.19 80.255.59.232/29 80.255.59.240/29 80.255.61.0/25 81.18.32.0/20 81.18.40.0/24 81.18.42.0/24 81.23.194.0/27 81.23.194.64/27 81.23.194.128/25 81.23.195.0/24 81.23.196.0/25 81.23.196.128/29 81.23.200.0/21 81.24.0.0/20 81.91.224.0/20 81.199.0.0/16 82.128.0.0/17 82.205.242.0/23 83.137.59.8/29 83.137.61.0/24 83.138.167.40/29 83.229.0.0/17 84.254.188.3 84.254.128.0/18
deny from 155.239.0.0/16 192.116.64.0/18 192.116.128.0/18 192.116.152.0/21 192.118.71.0/24 193.93.96.0/22 193.95.0.0/17 193.110.2.0/23 193.189.0.0/18 193.189.64.0/23 193.189.128.0/24 193.194.64.0/19 193.219.192.0/18 193.220.0.0/16 193.220.26.0/24 193.220.30.0/26 193.220.30.64/27 193.220.31.0/26 193.220.31.64/27 193.220.45.0/25 193.220.47.0/25 193.220.77.0/26 193.220.187.0/26 193.220.187.128/27 195.8.22.0/24 195.10.109.192/26 195.24.192.0/19 195.44.168.0/21 195.44.176.0/21 195.137.13.0/24 195.137.14.0/24 195.166.224.0/19 195.214.240.0/21 195.219.176.0/24 195.225.62.0/23 195.245.108.0/23 196.0.0.0/16 196.1.176.0/20 196.3.60.0/22 196.3.180.0/22 196.20.0.0/19 196.29.96.0/19 196.29.216.0/21 196.29.224.0/20 196.44.96.0/19 196.45.192.0/18 196.46.240.0/21 196.128.0.0/10 196.192.0.0/12 196.208.0.0/14 196.212.0.0/14 196.220.0.0/19 198.54.0.0/16 204.16.124.0/22 204.118.170.0/24 206.113.97.0/24 208.70.0.0/21 208.78.56.0/21 209.88.163.0/24 209.101.84.0/24 209.159.160.0/20 209.198.240.0/23 209.198.242.16/28 209.198.242.96/29 209.198.242.104/30 209.198.242.108/31 209.198.242.128/27 209.198.246.240/28 212.49.64.0/19 212.52.128.0/19 212.60.64.0/19 212.85.192.0/19 212.96.0.0/19 212.100.64.0/19 212.165.128.0/17 212.165.132.64/27 212.165.135.0/24 212.165.140.16/29 212.165.140.64/26 212.165.140.128/25 212.165.141.0/24 212.165.147.0/26 212.165.147.128/26 212.165.183.0/24 212.199.108.0/24 212.199.251.0/24 212.247.93.0/24
deny from 213.136.96.0/19 213.140.62.0/23 213.150.192.0/23 213.154.64.0/19 213.166.160.0/19 213.181.64.0/19 213.185.96.0/21 213.185.106.0/24 213.185.112.0/24 213.185.113.0/26 213.185.113.64/27 213.185.113.96/27 213.185.118.160/27 213.185.118.192/26 213.185.124.0/24 213.187.135.0/24 213.187.145.0/24 213.211.128.0/18 213.211.188.0/24 213.232.96.0/24 213.255.193.0/24 213.255.194.0/24 213.255.195.0/24 213.255.198.0/24 213.255.199.0/24 216.72.104.0/21 216.74.187.0/24 216.118.252.0/24 216.118.253.0/24 216.118.254.0/24 216.129.147.128/28 216.129.159.0/24 216.133.174.0/24 216.139.160.0/19 216.147.132.144/28 216.147.132.160/28 216.147.134.0/24 216.147.159.0/24 216.185.79.0/24 216.236.200.96/28 216.236.202.96/28 216.236.205.0/24 216.236.222.128/26 216.250.195.0/27 216.250.195.64/26 216.250.221.0/24 216.250.222.0/24 216.252.176.0/24 216.252.177.0/24 216.252.231.0/25 216.252.245.0/24 217.10.163.128/26 217.10.163.192/27 217.10.163.224/27 217.10.166.0/26 217.10.166.64/28 217.10.169.0/24 217.10.170.0/24 217.10.171.0/24 217.10.173.0/26 217.10.182.0/27 217.10.184.0/24 217.14.80.0/20 217.15.124.0/25 217.20.240.0/20 217.20.241.0/25 217.20.241.128/29 217.20.241.136/29 217.20.241.144/28 217.20.241.160/29 217.20.241.168/29 217.20.241.176/29 217.20.241.184/29 217.20.241.192/29 217.20.241.200/29 217.20.241.208/29 217.20.242.0/24 217.20.243.16/28 217.20.243.32/27 217.21.64.0/19 217.78.64.0/20 217.117.0.0/20 217.146.3.144/28 217.146.3.160/28 217.146.3.176/29 217.146.3.224/27 217.146.4.64/26 217.146.5.0/24 217.146.6.0/25 217.146.6.160/27 217.146.7.0/24 217.146.8.0/25 217.146.9.0/24 217.146.10.128/25 217.146.11.0/25 217.146.12.0/24 217.146.13.0/24 217.146.14.0/25 217.146.15.0/25 217.146.16.0/27 217.146.16.32/29 217.168.112.0/20 217.194.140.0/22 217.194.144.0/20 217.199.144.0/20 217.212.242.0/23
# Pretoria Z.A. Used by some lottery scammers. Block these CIDRs if you get scammers from Pretoria, but no legit visitors!
deny from 41.241.0.0/16 41.242.0.0/16 41.243.0.0/16 41.245.0.0/16 41.246.0.0/16
# Johannesburg, Gauteng, South Africa
deny from 41.26.0.0/16 41.28.0.0/16 41.112.0.0/12 165.146.0.0/18
# Algeria
deny from 41.200.0.0/15 193.194.64.0/19
# Morocco
deny from 41.140.0.0/14
# Added Goldenlines.net.il (Israel) because of Open Proxies used by Nigerian scammers
deny from 80.179.244.0/24
# Amsterdam, The Netherlands - DSL-NAT Customers and web hosting clients - Lottery and 419 scammers
deny from 62.59.36.0/22 62.59.40.0/21 62.59.48.0/22 79.170.90.0/24 82.93.0.0/16 82.168.0.0/14 85.92.141.0 87.249.104.0/23 194.60.207.0/24
# Freenet in Germany (freenet.de); Used as spam relay by many Nigerian scammers, in March, 2008.
# Choose one of the following CIDRs:
# Narrow freenet.de CIDR, used by recent scammers:
deny from 195.4.92.0/23
# Full Freenet.de CIDR:
deny from 195.4.0.0/16
# ISPs in Spain, France and Italy, used by many expatriate Nigerian lottery and 419 scammers (Cableuropa, Ibercom, Ono.com, Telefonica)
deny from 62.42.0.0/16 80.13.0.0/16 80.24.0.0/16 80.25.0.0/16 80.36.0.0/14 81.34.0.0/16 81.45.0.0/16 81.202.0.0/15 82.63.128.0/18 82.90.0.0/15 82.194.64.0/19 82.196.0.0/19 83.54.0.0/16 84.120.0.0/13 85.39.0.0/16 85.91.64.0/19 88.0.0.0/11 88.202.124.0/27 89.141.0.0/17 91.142.208.0/20 147.83.0.0/16 147.96.0.0/16 193.252.22.0/24 195.53.0.0/16 195.55.0.0/16 212.121.224.0/19 213.4.0.0/16 213.194.128.0/18 213.194.144.0/20
# 193.252.22.0/24 = orange.fr, in Paris, France. Constant 419 scams coming from their email servers!
# Costa Rica exceptions:
allow from 196.40.0.0/18 196.40.64.0/19
# 2009 Nigerian/African ISP additions/subtractions below:
# Jan 23: Removed 80.255.59.0/24 and replaced it with 80.255.59.232/29 and 80.255.59.240/29 to finetune block to just Nigeria
# Jan 26: Added 41.205.0.0/19 in Cameroon, used by Nigerian 419 scammers against a dating forum
# Feb 1: Added 41.208.48.0/24 in South Africa, after repetitive 419 scams
# Mar 8: Added 41.215.160.0/20 in Ghana for 419 scams
# Mar 11: Added 78.138.32.32/27 ipmath.com and SkyVision, in Nigeria
# Mar 26: Added 41.221.160.0/20 Swift Network in Nigeria
# Mar 26: Expanded CIDR 41.208.48.0/24 to 41.208.48.0/23, after tracing 419 scam email
# Mar 31: Added 41.202.192.0/19 in Cameroon, for 419 scamming
# Apr 8: Added 147.96.0.0/16 in Spain, due to 419 lottery scams
# Apr 11: Added 81.202.0.0/15 in Spain, for spamming
# Apr 19: Added 196.212.0.0/14 is.co.za, in Johannesburg, South Africa, due to 419 scammers
# May 1: Added 82.196.0.0/19 in France, due to 419 scams
# May 2: Added 41.184.0.0/16 in Nigeria
# May 12: Added 196.46.240.0/21 vmobile-nigeria.com, for scamming
# May 18: Added 80.24.0.0/16 in Spain, for server exploit attacks
# May 19: Added 82.90.0.0/15 in Italy, for spamming
# May 23: Added 81.45.0.0/16 in Spain, for spamming
# May 28: Added 41.190.88.0/22 in Ghana, for scamming
# May 30: Added 41.191.108.0/22 Suburban Telecom in Abuja, Nigeria
# May 31: Added 41.210.192.0/18 Angola, for scam emails
# June 2: Added 83.54.0.0/16 in Spain, due to Nigerian 419 scammers operating in Spain
# June 23: Added 82.63.128.0/18 Italy - Interbusiness.it, for spamming
# June 25: Added 41.222.0.0/21 in Uganda (main blocklist)
# July 2: Added 91.142.208.0/20 in Madrid, Spain, for spamming
# July 9: Added 41.189.0.0/19 in Nigeria, for spamming forums
# July 9: Added 41.205.64.0/19 in Cameroon, for spamming forums
# July 10: Added 41.218.192.0/18 in Ghana, for spamming
# July 13: Added 41.191.84.0/22 in Benin, for 419 scammers
# July 19: Added 195.55.0.0/16 in Spain, due to Nigerian 419 scammers
# July 22: Added 41.26.0.0/16 in Johannesburg, Gauteng, South Africa, due to 419 scammers
# Aug 12: Added 78.138.8.8/29 in Nigeria
# Sept 25: Added 41.194.52.0/22 Cobranet in Nigeria
# Sept 26: Added 41.222.192.0/22 in Benin, due to 419 scammers
# Sept 28: Added 65.120.57.51 Netcomng in Nigeria. Used by loan spam sender. CIDR added below on 12/25/2009
# Oct 20: Added 79.170.90.0/24 to the Amsterdam, The Netherlands blocklist, due to 419 scammers
# Oct 20: Added 78.138.3.200/29 78.138.3.208/28 78.138.3.224/28 in Nigeria, for the usual 419 scams
# Oct 24: Added 194.60.207.0/24 - XL-IS, to the Netherlands blocklist, due to 419 scammers using it.
# Nov 14: Added 78.138.33.144/29 - Ipmath in Abuja, Nigeria. This is leased from sky-vision.net satellite service
# Nov 19: Added 41.28.0.0/16 - Vodacom - under the category: "Johannesburg, Gauteng, South Africa"
# Nov 23: Added 41.138.160.0/19 - VisaFone Communications, in Lagos, Nigeria, for 419 scams
# Dec 16: Added 212.52.128.0/19 - Burkina Faso Onatel - for 419 scams
# Dec 25: Expanded a NetcomNG (Nigeria) CIDR to 65.120.56.0/21 due to numerous 419 scams from those IPs
##### 2010
# Jan 5: 41.112.0.0/12 Johannesburg - lottery and 419 scammers
# Jan 10: 41.140.0.0/14 Morocco (New group) - 419 scammers
# End Nigerian/African blocklist
## BEGIN ASIAN BLACKLIST
# Chinese IP addresses follow:
deny from 58.17.0.0/16 58.20.0.0/16 58.21.0.0/16 58.22.0.0/15 58.37.0.0/16 58.38.0.0/16 58.56.0.0/15 58.58.0.0/16 58.59.0.0/17 58.60.0.0/14 58.82.0.0/15 58.208.0.0/12 58.246.0.0/15 58.248.0.0/13 59.32.0.0/13 59.40.0.0/15 59.42.0.0/16 59.52.0.0/14 59.56.0.0/13 59.108.0.0/15 60.0.0.0/13 60.12.0.0/16 60.28.0.0/15 60.160.0.0/11 60.194.0.0/15 60.208.0.0/13 60.216.0.0/15 60.220.28.0/22 61.4.64.0/20 61.48.0.0/13 61.128.0.0/10 61.135.0.0/16 61.145.73.208/28 61.160.0.0/16 61.162.0.0/15 61.164.0.0/16 61.179.0.0/16 61.183.0.0/16 61.184.0.0/16 61.185.219.232/29 61.188.0.0/16 61.191.0.0/16 61.232.0.0/14 61.236.0.0/15 110.96.0.0/11 111.0.0.0/10 112.0.0.0/10 112.64.0.0/14 113.0.0.0/13 114.104.0.0/14 114.216.0.0/13 114.224.0.0/11 115.24.0.0/15 115.48.0.0/12 115.100.0.0/15 116.1.0.0/16 116.2.0.0/15 116.4.0.0/14 116.8.0.0/14 116.76.0.0/15 116.208.0.0/14 117.21.0.0/16 117.80.0.0/12 118.112.0.0/13 118.132.0.0/14 118.144.0.0/14 119.0.0.0/13 119.8.0.0/15 119.10.0.0/17 119.18.192.0/20 119.120.0.0/13 119.128.0.0/12 119.144.0.0/14 119.164.0.0/14 120.0.0.0/12 121.0.16.0/20 121.8.0.0/13 121.16.0.0/12 121.32.0.0/14 121.76.0.0/15 121.204.0.0/14 122.51.128.0/17 122.64.0.0/11 122.198.0.0/16 122.200.64.0/18 122.230.0.0/16 123.4.0.0/14 123.52.0.0/14 123.97.128.0/17 123.100.0.0/19 123.112.0.0/12 123.128.0.0/13 123.232.0.0/14 124.42.64.0/18 124.64.0.0/15 124.114.0.0/15 124.128.0.0/13 124.163.0.0/16 124.200.0.0/13 124.236.0.0/14 124.248.0.0/17 125.40.0.0/13 125.80.0.0/13 125.88.0.0/13 125.115.0.0/16 159.226.0.0/16 202.66.0.0/16 202.96.0.0/12 202.96.128.0/18 202.108.0.0/16 202.111.160.0/19 202.114.64.0/20 203.69.0.0/16 203.93.0.0/16 203.169.160.0/19 210.5.0.0/19 210.14.128.0/19 210.21.0.0/16 210.51.0.0/16 210.52.0.0/15 210.192.96.0/19 211.76.96.0/20 211.78.208.0/20 211.90.0.0/15 211.136.0.0/13 211.144.12.0/22 211.144.160.0/20 211.147.208.0/20 211.152.14.0/24 211.154.128.0/19 211.155.24.0/22 211.157.32.0/19 211.160.0.0/13 211.233.70.0/24 218.0.0.0/11 218.56.0.0/13 218.64.0.0/11 218.96.0.0/14 
deny from 218.102.0.0/16 218.104.0.0/14 218.194.80.0/20 218.240.0.0/13 219.128.0.0/11 219.232.0.0/19 219.154.0.0/15 220.160.0.0/11 220.181.0.0/16 220.192.0.0/12 220.228.70.0/24 220.248.0.0/14 220.250.0.0/19 220.252.0.0/16 221.0.0.0/12 221.122.0.0/15 221.176.0.0/13 221.192.0.0/14 221.200.0.0/14 221.208.0.0/14 221.212.0.0/16 221.214.0.0/15 221.216.0.0/13 221.224.0.0/13 221.228.0.0/14 221.238.0.0/15 222.32.0.0/11 222.64.0.0/12 222.80.0.0/12 222.132.0.0/14 222.136.0.0/13 222.166.0.0/16 222.168.0.0/13 222.172.222.0/24 222.176.0.0/13 222.184.0.0/13 222.241.0.0/19
# Hong Kong
deny from 58.65.232.0/21 59.148.0.0/15 123.242.229.0/24 202.69.64.0/19 202.85.128.0/19 202.133.8.0/21 210.176.0.0/19 210.176.48.0/20 210.176.64.0/18 210.176.128.0/17 210.177.0.0/16 218.103.0.0/16 218.252.0.0/14 219.76.0.0/14 222.166.0.0/16
# India and Pakistan
deny from 59.88.0.0/15 59.176.0.0/13 59.184.0.0/15 61.247.238.0/24 115.108.0.0/14 115.240.0.0/12 117.192.0.0/10 193.53.87.0/24 121.240.0.0/13 122.160.0.0/16 122.167.0.0/16 202.154.224.0/24 203.115.80.0/20 203.197.0.0/16 218.248.0.0/20
# Japan (hacking, scraping, or spamming)
deny from 59.146.0.0/15 118.13.128.0/17 118.86.0.0/15 122.208.0.0/12 123.216.0.0/13 150.70.84.41 210.248.0.0/13 218.225.179.0/24 219.94.128.0/17 219.96.0.0/11 221.121.160.0/20 222.144.0.0/13
# Korea IP addresses follow:
deny from 58.72.0.0/13 58.140.0.0/14 58.148.0.0/14 58.180.40.0/21 58.224.0.0/12 59.0.0.0/11 59.86.192.0/18 59.186.0.0/15 61.72.0.0/14 61.76.0.0/15 61.96.0.0/12 61.110.16.0/20 61.248.0.0/13 110.8.0.0/12 110.45.0.0/16 113.30.64.0/18 114.108.128.0/18 115.0.0.0/12 115.16.0.0/13 115.40.0.0/15 115.88.0.0/13 116.40.0.0/16 116.45.176.0/20 116.93.192.0/19 116.120.0.0/13 117.110.0.0/15 118.32.0.0/11 118.128.0.0/14 118.220.16.0/20 121.128.0.0/10 121.254.0.0/16 122.44.112.0/20 122.99.128.0/17 123.111.0.0/16 123.140.0.0/14 124.0.0.0/15 124.50.87.161 125.128.0.0/11 125.176.0.0/12 125.240.0.0/13 125.248.0.0/14 143.248.0.0/16 168.188.0.0/16 202.30.0.0/15 202.133.16.0/20 202.179.176.0/21 203.226.0.0/15 203.228.0.0/14 210.93.0.0/16 210.94.0.0/15 210.112.0.0/16 210.117.128.0/18 210.118.216.192/26 210.124.0.0/14 210.178.0.0/15 210.180.0.0/15 210.204.0.0/15 210.219.0.0/16 210.220.0.0/14 211.32.0.0/12 211.48.0.0/15 211.50.0.0/15 211.62.35.0/24 211.104.0.0/13 211.112.0.0/13 211.168.0.0/13 211.176.0.0/12 211.192.0.0/13 211.202.0.0/16 211.211.36.0/23 211.216.0.0/13 211.224.0.0/13 211.232.0.0/13 211.240.0.0/12 218.36.0.0/14 218.144.0.0/12 218.232.0.0/15 218.234.18.0/24 219.240.0.0/15 219.248.0.0/13 219.250.88.0/21 220.72.0.0/13 220.80.0.0/13 220.95.88.0/24 220.118.0.0/16 220.119.0.0/16 221.128.0.0/12 221.144.0.0/12 221.160.0.0/13 221.168.0.0/16 221.163.46.0/24 222.96.0.0/12 222.112.0.0/13 222.120.0.0/15 222.122.0.0/16 222.231.0.0/18 222.232.0.0/13
# Yahoo-Korea (provides free email services used by some spammers)
deny from 123.0.0.0/20
# Neighboring Asian countries:
# Malaysia
deny from 60.48.0.0/14 60.52.0.0/15 60.54.0.0/16 112.137.160.0/20 115.132.0.0/14 116.206.0.0/16 120.140.0.0/15 124.82.0.0/16 124.217.224.0/19 202.58.80.0/20 202.71.96.0/20 202.75.32.0/19 203.223.128.0/19 210.187.49.0/25 218.111.0.0/16 218.208.12.64/27
## END ASIAN BLACKLIST
## BEGIN EUROPEAN BLACKLIST
# Russia, Ukraine, Bulgaria, Czech Republic, Romania, Latvia, Estonia, Kazakstan, Moldavia/Moldova, Poland, Serbia, Siberia, Slovakia, Slovenia
deny from 62.16.96.0/19 62.64.64.0/18 62.69.0.0/19 62.76.126.0/24 62.85.0.0/17 62.133.128.0/19 62.141.64.0/18 62.168.224.0/19 62.182.104.0/21 62.213.64.0/18 62.233.142.0/26 70.85.189.224/29 77.37.128.0/17 77.41.0.0/17 77.43.128.0/17 77.45.128.0/17 77.51.0.0/18 77.51.64.0/18 77.75.8.0/21 77.79.244.0/22 77.87.152.0/21 77.88.0.0/18 77.91.224.0/21 77.94.124.0/22 77.120.0.0/14 77.221.128.0/19 77.222.128.0/19 77.233.160.0/19 77.234.0.0/19 77.234.192.0/19 77.244.208.0/20 78.26.128.0/18 78.36.0.0/15 78.85.0.0/16 78.96.0.0/15 78.106.0.0/15 78.108.176.0/20 78.109.16.0/20 78.110.48.0/20 78.110.160.0/20 78.129.128.0/17 78.157.128.0/19 79.98.208.0/21 79.99.216.0/21 79.111.0.0/16 79.120.0.0/17 79.126.0.0/18 79.136.128.0/17 79.139.128.0/17 79.140.64.0/20 79.140.160.0/20 80.48.0.0/13 80.71.240.0/20 80.73.64.0/21 80.77.80.0/24 80.82.160.0/20 80.85.176.0/20 80.86.96.0/19 80.86.240.0/21 80.91.160.0/19 80.93.48.0/21 80.233.128.0/17 80.235.0.0/17 81.5.96.0/20 81.9.0.0/20 81.16.80.0/20 81.19.64.0/19 81.21.0.0/20 81.30.176.0/20 81.88.208.0/20 81.89.112.0/20 81.90.224.0/20 81.94.32.0/20 81.95.144.0/20 81.176.0.0/15 81.181.16.0/22 81.195.0.0/16 81.196.0.0/16 81.200.0.0/20 81.222.128.0/20 82.76.0.0/14 82.103.64.0/18 82.114.224.0/19 82.138.6.128/25 82.138.32.0/19 82.140.64.0/18 82.144.192.0/19 82.146.56.0/21 82.151.112.0/21 82.160.203.0/24 82.179.0.0/16 82.199.96.0/19 82.204.128.0/17 83.19.145.232/29 83.102.128.0/17 83.148.64.0/18 83.166.192.0/19 83.167.96.0/19 83.170.192.0/18 83.174.192.0/18 83.219.129.0/24 83.222.0.0/19 83.222.160.0/19 83.222.192.0/19 83.229.128.0/17 83.237.0.0/16 84.17.0.0/19 84.21.64.0/19 84.51.64.0/19 84.253.64.0/18 85.14.35.0/24 85.21.0.0/16 85.29.192.0/18 85.90.192.0/19 85.93.32.0/19 85.93.128.0/19 85.94.0.0/19 85.94.32.0/19 85.112.112.0/20 85.113.128.0/19 85.121.180.0/23 85.140.0.0/15 85.142.0.0/15 85.192.60.0/23 85.204.24.0/23 85.207.0.0/16 85.249.0.0/16 85.255.0.0/20 85.255.112.0/20 86.34.0.0/16 86.35.0.0/21 86.35.128.0/17 86.55.120.0/22 86.57.128.0/17 
deny from 86.125.88.0/21 86.127.19.0/24 87.99.64.0/19 87.103.192.0/20 87.103.208.0/20 87.110.0.0/16 87.117.0.0/18 87.118.128.0/18 87.119.224.0/19 87.120.16.0/20 87.204.0.0/15 87.226.0.0/17 87.242.116.0/23 87.248.160.0/19 87.251.128.0/19 87.253.192.0/19 88.81.248.0/21 88.147.128.0/17 88.200.128.0/17 88.201.128.0/17 88.205.128.0/17 88.212.192.0/18 89.20.128.0/19 89.21.128.0/19 89.28.0.0/17 89.32.152.0/21 89.33.72.0/21 89.35.64.0/21 89.37.144.0/21 89.38.112.0/20 89.38.128.0/21 89.41.176.0/20 89.44.142.0/23 89.104.64.0/19 89.106.96.0/19 89.108.64.0/19 89.108.120.0/22 89.109.0.0/18 89.110.0.0/18 89.110.64.0/18 89.111.160.0/20 89.111.176.0/20 89.113.72.0/21 89.114.54.0/23 89.121.128.0/17 89.122.0.0/16 89.123.0.0/16 89.136.0.0/15 89.149.0.0/17 89.165.128.0/17 89.175.0.0/16 89.178.0.0/15 89.186.0.0/19 89.187.48.0/23 89.187.128.0/19 89.190.224.0/19 89.208.160.0/19 89.212.64.0/18 89.218.0.0/16 89.222.128.0/17 89.223.0.0/17 89.239.128.0/18 89.251.96.0/20 89.253.0.0/18 90.150.112.0/20 90.150.128.0/20 90.151.128.0/20 90.156.128.0/17 90.176.0.0/13 91.76.0.0/14 91.122.0.0/16 91.123.0.0/19 91.124.0.0/16 91.135.192.0/22 91.143.160.0/20 91.149.157.0/24 91.149.180.0/24 91.189.80.0/21 91.189.128.0/21 91.191.64.0/18 91.192.68.0/22 91.193.140.0/22 91.194.10.0/23 91.197.128.0/22 91.200.228.0/22 91.200.232.0/22 91.203.4.0/22 91.203.92.0/22 91.205.124.0/22 91.206.200.0/23 91.206.226.0/23 91.207.4.0/22 91.207.60.0/23 91.208.228.0/24 91.211.64.0/22 91.211.68.0/22 91.212.41.0/24 91.212.65.0/24 91.212.198.0/24 91.212.226.0/24 91.213.33.0/24 91.213.121.0/24 92.36.0.0/17 92.46.0.0/15 92.48.126.128/25 92.48.201.0/26 92.50.128.0/18 92.53.104.0/22 92.80.0.0/14 92.82.0.0/16 92.83.0.0/16 92.84.0.0/16 92.112.0.0/15 92.114.128.0/17 92.124.0.0/14 92.241.160.0/19 92.244.224.0/19 92.255.0.0/16 93.80.0.0/15 93.84.0.0/15 93.86.0.0/15 93.92.32.0/21 93.99.0.0/16 93.113.27.0/24 93.120.128.0/18 93.159.0.0/18 94.25.0.0/17 94.26.0.0/17 94.50.0.0/15 94.73.192.0/18 94.79.0.0/18 94.100.181.128/25 94.103.80.0/20 94.176.96.0/24
deny from 94.178.0.0/15 94.188.0.0/17 94.189.128.0/17 94.229.65.160/27 94.230.0.0/20 94.247.0.0/21 95.24.0.0/13 95.52.0.0/14 95.64.128.0/17 95.108.128.0/17 95.132.0.0/14 95.168.160.0/19 95.188.0.0/14 141.85.0.0/16 158.197.0.0/16 160.99.0.0/16 188.24.0.0/14 188.120.32.0/20 188.131.0.0/17 192.129.3.0/24 193.19.244.0/22 193.25.112.0/23 193.37.138.0/24 193.37.156.0/23 193.39.113.0/24 193.47.166.0/24 193.77.64.0/18 193.108.38.0/23 193.108.248.0/22 193.178.144.0/22 193.178.228.0/23 193.200.50.0/23 193.223.101.0/24 193.227.226.0/23 193.230.232.0/24 193.238.128.0/22 194.0.88.0/22 194.29.60.0/22 194.44.36.0/24 194.85.88.0/21 194.85.128.0/19 194.102.114.0/24 194.114.144.0/22 194.160.0.0/16 194.176.176.0/24 194.181.0.0/16 194.186.0.0/16 194.187.108.0/22 195.2.96.0/19 195.2.240.0/23 195.2.252.0/23 195.3.148.0/22 195.5.116.0/23 195.28.32.0/19 195.34.224.0/19 195.42.160.0/19 195.60.174.0/23 195.88.32.0/23 195.93.218.0/23 195.93.218.0/24 195.95.218.0/23 195.95.228.0/23 195.112.96.0/19 195.116.0.0/16 195.128.16.0/22 195.128.48.0/21 195.131.0.0/16 195.137.200.0/23 195.138.64.0/19 195.138.198.0/24 195.170.192.0/19 195.189.246.0/23 195.190.13.0/24 195.208.0.0/15 195.209.32.0/19 195.209.224.0/19 195.216.243.0/24 195.225.64.0/22 195.225.176.0/22 195.239.0.0/16 195.242.98.0/23 195.242.232.0/22 195.244.128.128/25 195.245.112.0/23 195.245.208.0/24 204.9.184.0/21 212.1.224.0/19 212.9.224.0/19 212.24.32.0/19 212.33.224.0/19 212.44.64.0/20 212.44.80.0/22 212.44.128.0/19 212.58.192.0/19 212.92.128.0/18 212.96.160.0/19 212.118.32.0/19 212.158.160.0/20 213.25.0.0/16 213.35.224.0/23 213.91.128.0/17 213.140.96.0/19 213.141.128.0/19 213.142.192.0/19 213.154.192.0/19 213.156.192.0/24 213.170.64.0/19 213.186.192.0/19 213.215.64.0/18 213.233.101.0/24 213.242.12.0/22 213.248.0.0/18 217.12.112.0/20 217.12.240.0/20 217.16.16.0/20 217.18.240.0/20 217.20.160.0/20 217.23.128.0/19 217.27.144.0/20 217.28.208.0/21 217.65.208.0/20 217.67.16.0/20 217.77.208.0/20 217.106.0.0/15 217.114.224.0/20 217.146.240.0/20
deny from 217.147.0.0/19 217.149.240.0/20 217.173.64.0/20 217.174.96.0/20 217.197.240.0/20
# Turkey: web hosts and Turk Telekom customers - scammers, spammers, phishing websites and server script exploiters:
deny from 77.79.64.0/18 78.160.0.0/11 79.135.160.0/19 81.213.0.0/16 81.214.0.0/16 81.215.0.0/16 82.222.0.0/16 84.51.0.0/18 85.96.0.0/12 88.226.0.0/16 88.229.0.0/16 88.231.0.0/16 88.232.0.0/16 88.233.0.0/16 88.234.0.0/16 88.238.0.0/16 88.239.0.0/17 88.241.128.0/17 88.243.0.0/17 88.245.0.0/16 88.247.128.0/17 88.248.0.0/13 89.106.0.0/19 89.113.72.0/21 92.63.0.0/20 93.187.200.0/21 94.78.64.0/18 160.75.0.0/16 188.3.0.0/16 194.27.48.0/23 195.155.0.0/16 195.174.0.0/15 195.175.0.0/17 212.15.0.0/19 212.95.40.0/23 212.174.113.0/24 212.175.0.0/16
# German ISPs used by hackers and spammers including 1&1internet DE and Schlund & Partners
deny from 77.176.0.0/12 85.214.0.0/16
## END EUROPEAN BLACKLIST
# Add other blocked domain names or IP addresses here, starting with "deny from " without quotes
# blacklist of various individual DDOS IPs 1-15-2010
deny from 172.158.3.2 200.3.181.76 187.152.160.92 141.223.129.69 190.59.118.54
#deny from 120.60.0.0/19 95.56.59.0/19 61.6.202.0/19 218.186.8.0/19 195.229.235.0/19 218.186.8.0/19 195.229.235.0/19 195.229.235.0/19 209.94.196.0/19 192.100.176.0/19 61.0.0.0/19 115.0.0.0/19 78.0.0.0/19 80.0.0.0/19 116.0.0.0/19 188.0.0.0/19 217.0.0.0/19 196.0.0.0/19 118.0.0.0/19 86.0.0.0/19 63.0.0.0/19 93.0.0.0/19 210.0.0.0/19 94.0.0.0/19 124.0.0.0/19 58.0.0.0/19 92.0.0.0/19 77.0.0.0/19 203.0.0.0/.255 85.0.0.0/19 41.0.0.0/19 88.0.0.0/19 220.0.0.0/19 202.0.0.0/19 60.0.0.0/19 141.223.129.0/19 122.0.0.0/19 190.59.118.0/19 119.0.0.0/19 186.0.0.0/19 110.0.0.0/19 187.152.160.0/19 200.3.181.0/19 83.0.0.0/19 87.0.0.0/19 201.0.0.0/19 189.0.0.0/19 168.243.0.0/19 140.109.0.0/19 125.0.0.0/19 121.0.0.0/19 117.0.0.0/19 114.0.0.0/19 59.0.0.0/19 
# If you find that you need to poke a hole in the blocklist, for legitimate visitors, follow this example: allow from 123.456.789.0
# Real life example: Some forums have legitimate DSL customers in Mauritius, which is blocked by 196.0.0.0/9, in my blocklist.
# To allow 8192 of these folks in Mauritius, just add the following directive:
allow from 196.27.64.0/19
# Add "allow from" IP addresses, or CIDR Ranges, AFTER all of the "deny from" items, just before the closing Files tag.
#Overseas employee1 example
allow from 213.108.47.0/19
#Overseas employee2 example
allow from 112.198.193.0/19
# Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive.
 
# This prevents web browsers or spiders from seeing your .htaccess directives:
 
<Files .htaccess>
order allow,deny
deny from all
</Files>
 
# End of .htaccess file
Note: add the code above into a .htaccess file and upload it to your root directory /public_html/

Source: http://joshua-mcclure.com/linux-ddos...with-htaccess/
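
A pre-upload check for a blocklist like the one above, as an added example that is not part of the original post or the linked article. It flags lines that will not do what was intended (an address list with no `deny from`/`allow from` in front, which Apache rejects as an invalid command and answers with the 500 error the article warns about, or a malformed address or CIDR) and evaluates whether a given visitor is let in under `order deny,allow`. The function names and sample lines are constructed for illustration, and it assumes full IP addresses or CIDR ranges only, not hostnames or partial addresses.

```python
import ipaddress

# Constructed sample in the style of the template: line 4 is a wrapped
# continuation with no directive, line 5 has a malformed mask, and line 7 is
# the placeholder address from the template's comment, which is not a valid IP.
SAMPLE = """\
order deny,allow
# constructed excerpt, not the full blocklist
deny from 58.17.0.0/16 58.20.0.0/16
218.102.0.0/16 218.104.0.0/14
deny from 196.0.0.0/9 203.0.0.0/.255
allow from 196.27.64.0/19
allow from 123.456.789.0
"""


def parse_blocklist(text):
    """Parse 'deny from' / 'allow from' lines.

    Returns (deny_nets, allow_nets, problems); problems is a list of
    (line_number, message) for lines that need fixing before upload.
    """
    deny, allow, problems = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        head = " ".join(words[:2]).lower()
        if head in ("deny from", "allow from"):
            target = deny if head == "deny from" else allow
            for spec in words[2:]:
                if spec.lower() == "all":
                    target.append(ipaddress.ip_network("0.0.0.0/0"))
                    target.append(ipaddress.ip_network("::/0"))
                    continue
                try:
                    # strict=False accepts ranges written with host bits set,
                    # e.g. 213.108.47.0/19, and masks off the host bits.
                    target.append(ipaddress.ip_network(spec, strict=False))
                except ValueError:
                    problems.append((lineno, "bad address or CIDR: " + spec))
        elif words[0][0].isdigit():
            # An address list with no directive in front of it.
            problems.append((lineno, "missing 'deny from'/'allow from': " + words[0]))
        # Any other directive (RewriteRule, Redirect, order ...) is ignored.
    return deny, allow, problems


def is_allowed(ip, deny, allow):
    """Decision under 'order deny,allow': allowed unless a deny matches,
    and a matching 'allow from' overrides the deny."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in allow):
        return True
    return not any(addr in net for net in deny)


def report(text, visitors):
    """Return (problems, {visitor_ip: allowed}) for a quick pre-upload review."""
    deny, allow, problems = parse_blocklist(text)
    return problems, {ip: is_allowed(ip, deny, allow) for ip in visitors}


if __name__ == "__main__":
    problems, decisions = report(SAMPLE, ["196.27.70.10", "196.50.1.1", "8.8.8.8"])
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
    for ip, allowed in decisions.items():
        print(ip, "allowed" if allowed else "blocked")
```

Running it against the real file with the addresses of known customers or overseas staff shows, before upload, whether an `allow from` hole actually covers them.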