As once again theÂ TSA reminds us that Christmas Snow Globes a threat to National Security, I thought it might be a good time to talk about the wide-World of bad-guys and some simple things you can do to guard your site from a potentially explosive situation.
Unlike the 5.5″ The Kneeling Santa Claus Musical Christmas Water Globe parodies above, there are some real threats to your website that are an unfortunate aspect of the “World Wide” nature of the Web.
Specifically, I’m talking about the army of professional hackers employed in far flung regions such as China, Nigeria and of course what is now the former U.S.S.R.
For that, I recommend a modification to yourÂ .htaccess file such as:
<Limit GET HEAD POST> deny from 218.25.161 allow from all </LIMIT>
If you look close, I’m only using 3 levels of the IP address to 126.96.36.199 through 188.8.131.52.
And where does one get a block ofÂ IPs to block? Glad you asked …
Pre-fabricated blacklists to block IP addresses of entire countries:
- WizCraft – Server .htaccess Blocklists for exploited servers (e.g. Russia and China)
- Block a country.com – block by ip address, block access by country
A bit more on .htaccess and mod_access:
- Apache Project: Module mod_access (v. 1.3) – allow
- ClockWatchers.com – .htaccess Tutorial how to block an IP address
Just remember to keep good backups of whatever files youâ€™re working on â€“ and try not to lock yourself out while experimenting with changes!