Website Under Attack
I just recently took a look at my “Blog Info” stats page and saw the following:
I opened the hits table page of the FireStats WordPress plugin and saw a lot of traffic coming from IPs starting with 83.190.___.___ (the “hits table” grew really large because of those IP hit entries).
My access.log from yesterday (May 8th, 2008) shows:
6.218 hits from 83.190.158.162
4.428 hits from 83.190.187.154
4.012 hits from 83.190.186.37
3.282 hits from 83.190.222.58
1.038 hits from 83.190.165.173
First, I tried to ban them via .htaccess:
(...)
# END WordPress
#
## USER IP BANNING
<Limit GET POST>
order allow,deny
deny from 83.190.158.162
deny from 83.190.187.154
deny from 83.190.186.37
deny from 83.190.222.58
deny from 83.190.165.173
allow from all
</Limit>
Thanks to a clue from my provider (all-inkl.com), I changed this to use mod_rewrite – this way, I do not have to look up every IP; I just match on the requested URI:
#
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
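# Against recent attacks with /tag/.../&/archiveform...
# Answer any request whose path matches with 403 Forbidden, whatever the client IP.
# WordPress rewrites the lines between "# BEGIN WordPress" and "# END WordPress"
# when permalinks are saved, so this rule has to be re-checked after such a change.
RewriteCond %{REQUEST_URI} (.*)/tag/(.*)/&/archiveform(.*) [NC]
RewriteRule ^(.*) - [F]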
# Go on with WordPress
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
#
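To check what the URI rule covers compared with the IP list, the same pattern can be run over the access log. The script below is an added example, not part of the original post; the sample log lines, the documentation-range IPs and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Same pattern as the RewriteCond above; [NC] becomes re.IGNORECASE.
ATTACK_URI = re.compile(r"(.*)/tag/(.*)/&/archiveform(.*)", re.IGNORECASE)

# Apache common/combined log line: IP, identd, user, [time], "METHOD URI PROTO", ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*"')

# Constructed sample lines (documentation-range IPs), not taken from the real log.
SAMPLE_LOG = """\
192.0.2.10 - - [08/May/2008:10:00:01 +0200] "GET /tag/foo/&/archiveform/ HTTP/1.1" 200 512
192.0.2.10 - - [08/May/2008:10:00:02 +0200] "GET /tag/bar/&/ArchiveForm HTTP/1.1" 200 512
198.51.100.7 - - [08/May/2008:10:00:03 +0200] "GET /tag/foo/&/archiveform/x HTTP/1.1" 200 512
203.0.113.5 - - [08/May/2008:10:00:04 +0200] "GET /tag/foo/ HTTP/1.1" 200 4096
203.0.113.5 - - [08/May/2008:10:00:05 +0200] "POST /wp-comments-post.php HTTP/1.1" 302 0
garbage line that is not a log entry
"""

def summarize(log_text, banned_ips=()):
    """Return (hits per IP, rule-matching hits per IP, matching IPs not on the ban list)."""
    hits, blocked = Counter(), Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        ip, _method, uri = m.groups()
        hits[ip] += 1
        # %{REQUEST_URI} is the decoded path without the query string,
        # while the log holds the raw request, so normalise before matching.
        path = unquote(uri.split("?", 1)[0])
        if ATTACK_URI.search(path):
            blocked[ip] += 1
    missed = sorted(set(blocked) - set(banned_ips))
    return hits, blocked, missed

if __name__ == "__main__":
    hits, blocked, missed = summarize(SAMPLE_LOG, banned_ips=["192.0.2.10"])
    for ip, n in hits.most_common():
        print(f"{n:6d} hits from {ip} ({blocked[ip]} would get 403 from the URI rule)")
    print("Caught by the URI rule but not on the IP ban list:", missed)
```

Any address reported in the last line is one the `deny from` list would have let through, which is the gap the URI-based rule closes.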
It’s good to have FireStats…