> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Always Learning > Sent: Monday, August 29, 2016 1:50 PM > To: CentOS mailing list > Subject: Re: [CentOS] .htaccess file > > > > Hi, > > > My home system on a DSL line is getting worn out by bad behavior robots. > > > > Awhile back, I created a .htaccess file that block countries by IP blocks. > > Its 2MB in size. > > Do you control your home server ? If so, then .htaccess is the wrong > solution, because you need to incorporate blockages in your IP Tables > firewall and then use your Apache configuration file to restrict any remaining > unwanted visitors. > [Thomas E Dukes] Yes. I knew .htaccess wasn't the best method. I didn't know about ipsets. It make this so much easier. > .htaccess (its possible in Apache to rename it) is inefficient and suitable as a > second-rate solution when you are using a hosted service and lack full control > of the server. VPSs are cheap and a better alternative to hosted mail and > web. > > On my servers (C5 and C6) in IP Tables, I have three sets of blockages: > > * permanent for all ports > * only for web (port 80) > * only for emails (port 25) > > In web and emails there is a permanent table plus a monthly one (one for > every month). Perpetual pests go in the permanent tables and irritants in the > monthly table - otherwise the banned IPs entries would get too large. > > A compromised computer trying to send me junk mail or trying to wrongly > access a web page or attempting to break-in to SQL (instantly identified and > IP instantly blocked because I impose string size limits for the ?key=....) has > its IP added to the monthly list and remains there until one month after the > last access from that IP address. > > I am unwilling to be a passive victim of junk mail and web hackers. > [Thomas E Dukes] Same here!! > All home-made solutions but effective and robust. Centos made all this > possible (sincere thanks to the C-Team; they are all 'A*' rated). > [Thomas E Dukes] Ditto!! Thanks!!