Posted by: Ken Harthun
.htaccess, Block IP, Security, spam
I often consult with people who are running online marketing businesses and soliciting opt-in subscribers to their newsletters. They do this through special landing pages that have forms specific to the information product they are offering. The danger in having such a form live on the web is not unknown–it’s relatively easy to initiate an SQL injection attack.
Another issue is spammers using robots to sign up for newsletters and then using the address of the marketer to attempt to hack the mailing list management service he uses. Most of these services use the marketer’s email address as the account username, so if a hacker or spammer has that information, they can then attempt an attack on the password.
Finally, there is the issue of junk traffic and subscriptions. Naturally, a marketer wants prospects that are not only interested in the products offered, but capable of buying them. Depending on the marketing methods used, traffic can come from anywhere in the world, and often does. My own newsletter at Ask the Geek has a worldwide subscriber audience.
Let’s say we want to block all traffic from China. It’s mostly useless, is spammer/hacker central and they don’t buy anything. Start with http://www.blockacountry.com. When you arrive at the site, look to the sidebar on the right and select the country or countries you want to block. You’ll be asked for your email address. This is OK, it’s just for update purposes. Click the submit button.
You’ll get a pre-configured text that you add to your .htaccess file on your web server. Here’s a look at the concatenated version of what I got:
ErrorDocument 403 http://www.proxynetwork.ws/blocked.html <Limit GET HEAD POST> order allow,deny deny from 220.127.116.11/14 deny from 18.104.22.168/13 deny from 22.214.171.124/16 deny from 126.96.36.199/15 ...[[huge list of every IP address in the country]]... allow from all </LIMIT>
You can change the location of the 403 error document to one you have created on your server. Then, just copy and paste or upload the file to your www root folder and you’re good to go. Full instructions are on the referenced website.