Replies: 0
Hi Folks,
I have some bad actors in Bulgaria who have been overloading my site many time per day for a couple of weeks.
I am a user, not developer, so I hope you understand what I write here.
They mainly use IP 87.246.7.212, so I first blocked it on Ban Hosts as 87.246.7.*
However that did no good, and 1 week later I added 87.246.7.212 as well.
On the plugin user interface it now shows:
Ban Hosts:
87.246.7.0/24
87.246.7.212This is confirmed on my .htaccess as it includes:
# Ban Hosts - Security > Settings > Banned Users
SetEnvIF REMOTE_ADDR "^87\.246\.7\.212$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^87\.246\.7\.212$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^87\.246\.7\.212$" DenyAccess
SetEnvIF REMOTE_ADDR "^87\.246\.7\.[0-9]{1,3}$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^87\.246\.7\.[0-9]{1,3}$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^87\.246\.7\.[0-9]{1,3}$" DenyAccess
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env DenyAccess
Require not ip 87.246.7.212
Require not ip 87.246.7.0/24
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
Deny from env=DenyAccess
Deny from 87.246.7.212
Deny from 87.246.7.0/24
</IfModule>However again just now, my site db was unavailable due to overload and again I find 7 connections from 87.246.7.212.
This is happening several times per day that I get overload and the site is inaccessible.
On each occasion 87.246.7.212 or 87.246.7.* from Bulgaria are there as the last entry with the most connections on the DirectAdmin server load average warning message. Sometimes >50 from that IP alone – and they are always the last entry.
I though Ban Hosts was meant to stop 87.246.7.212 from being able to even see our site, never mind interact with it. Is that correct?
Is there any help or advice you can offer on this? I am really getting tired of them.
Regards and thanks,
Angus