On Sep 30, 2014, at 19:16 , Hans-Georg Scherneck <hgs@xxxxxxxxxxx> wrote: > My site is bombarded by POST requests from a site identifying itself like > 123.123.123.123.word.word.word.word > A "deny from" instruction with a string trying to match this in .htaccess does not appear to work (though other abusers with simple IP's I can get barred this way). You don't say where that sites identifies itself in such a manner. You should not enable reverse lookups (i.e. HostnameLookups should be Off, possibly some other settings), then the first column in your access.log should always be the actual originating IP address of that request. If they are real spammers, they have a botnet with lots of IPs in nearly as many locations and subnets. rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|