I've got some joker trying to subscribe a bunch of email addresses to my mailman system and I want to block him from accessing the apache web server.
According to the apache log, he's accessing from a very consistent hostname ... variations on x12356.example.com.br (where the numbers changed).
The problem is, the actual hostname that's appearing in the log doesn't resolve ... but, once I was able to get the IP (by turning off hostname resolution), I found that the IP did resolve on a reverse IP lookup.
I tried the following in my htaccess file, but it's not blocking.
RewriteCond %{REMOTE_HOST} ".*\.example\.com\.br"
RewriteRule ^.* - [F,L]
I also tried a simple 'Deny from', but it's not blocking either.
Deny from .example.com.br
My gut says I'm missing something simple, but I can't see it.
Here's the complete .htaccess file...
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} (.*)\.l\.mydomain\.com [NC]
RewriteRule ^$ http://lists.mydomain.com/listinfo/%1 [R=301,L]
RewriteCond %{HTTP_REFERER} mailbait [NC]
RewriteCond %{REQUEST_URI} !^/mailbait.php$
RewriteRule ^.*$ /mailbait.php [L]
SetEnvIfNoCase Request_URI "(testproxy|upload|xmlrpc|wp|blog|wordpress)" spammer=yes
RewriteCond %{ENV:spammer} ^yes$
RewriteCond %{REQUEST_URI} !^/tarpit.php$
RewriteRule ^.*$ /tarpit.php [L]
RewriteCond %{REMOTE_HOST} ".*\.example\.com\.br"
RewriteRule ^.* - [F,L]
Deny from .example.com.br
0 Answers