-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Always Learning Sent: Monday, August 29, 2016 1:50 PM To: CentOS mailing list Subject: Re: [CentOS] .htaccess file
Hi,
My home system on a DSL line is getting worn out by bad behavior robots.
Awhile back, I created a .htaccess file that block countries by IP
blocks.
Its 2MB in size.
Do you control your home server ? If so, then .htaccess is the wrong solution, because you need to incorporate blockages in your IP Tables firewall and then use your Apache configuration file to restrict any
remaining
unwanted visitors.
[Thomas E Dukes]
Yes. I knew .htaccess wasn't the best method. I didn't know about ipsets. It make this so much easier.
.htaccess (its possible in Apache to rename it) is inefficient and
suitable as a
second-rate solution when you are using a hosted service and lack full
control
of the server. VPSs are cheap and a better alternative to hosted mail and web.
On my servers (C5 and C6) in IP Tables, I have three sets of blockages:
- permanent for all ports
- only for web (port 80)
- only for emails (port 25)
In web and emails there is a permanent table plus a monthly one (one for every month). Perpetual pests go in the permanent tables and irritants in
the
monthly table - otherwise the banned IPs entries would get too large.
A compromised computer trying to send me junk mail or trying to wrongly access a web page or attempting to break-in to SQL (instantly identified
and
IP instantly blocked because I impose string size limits for the
?key=....) has
its IP added to the monthly list and remains there until one month after
the
last access from that IP address.
I am unwilling to be a passive victim of junk mail and web hackers.
[Thomas E Dukes] Same here!!
All home-made solutions but effective and robust. Centos made all this possible (sincere thanks to the C-Team; they are all 'A*' rated).
[Thomas E Dukes] Ditto!!
Thanks!!