Page 1 of 1

Banning at Server Level via SID

PostPosted: Sat Apr 11, 2009 10:23 pm
Author: tattee
Have you ever had a malicious user forever changing his IP by proxy and haunting your site(s) to no end?
YES, I think we all have...

WELL.... HERE'S A SOLUTION... ban by his unique System ID at the server level.

download your raw access logs for a time you know he/she was on your site wreaking havoc..
bring up the file in your favorite code editor (I use pspad)..
you should have the IP they used on site at the time..
do a search for it in the raw access logs..
look for a SID= inline with the IP they used.. thats the unique ID to the machine they used.
lets say its .. sid=b4b0acadf0g897d9791676776e0eoi4hju5
LETS BAN IT!!!

download your .htaccess file from your servers root folder and add the following.. (at the end of doc)

Code: Select all
Options All  RewriteCond %{HTTP_REFERER} ^http]RewriteRule .* /*.php?sid=b4b0acadf0g897d9791676776e0eoi4hju5 [F,L]    ErrorDocument 403 /403.php


now, that example is using my site for reference www.mysite.org .. you would change that to reflect your site... let's say your site is www.yoursite.com.. you would write the following..

Code: Select all
Options All  RewriteCond %{HTTP_REFERER} ^http]RewriteRule .* /*.php?sid=b4b0acadf0g897d9791676776e0eoi4hju5 [F,L]    ErrorDocument 403 /403.php


Upload the new .htaccess
Simple as that... he/she would need to find another machine to harass you on.
HE GETS A 403 at any address on your domain

**note - as this is my reseller domain, they cant access ANY of the domains beyond my main domain**

for added fun.. make a 403.php page saying THE FBI HAVE BEEN ALERTED TO YOUR ACTIVITY or something
or better yet.. place a redirect on your 403.php to the FBI website (keeping in mind your the referrer).

Re: Banning at Server Level via SID

PostPosted: Sun Apr 12, 2009 1:12 am
Author: Helter
nice tip. Im sure it will come in handy.