I'm sure that you've at some point come across some annoying bot or individual who thinks that it's a good idea to spam your blog or contact form with a load of nasty links or blocks of complete gibberish. Sometimes they can be relentless and can really start to get quite annoying and so I searched for a method that once you have obtained their IP address could redirect them to another website altogether. The method is to use the .htaccess file in the root of a website's directory to redirect the offender's IP address to a new location. An .htaccess file is the default directory configuration file used on Apache Servers and can be used to rewrite URLs, to authenticate usernames and passwords or for customised error responses (error 404 pages etc). They can be created quite simply using any editor like notepad and are unusually saved without a filename and the extension of .htaccess.
What will I need to do this?
- Your hosting needs to support PHP
- Your hosting needs to be on an Apache Server - preferably Linux based - IIS will not support .htaccess files.
- You need to check with your host that .htaccess files are allowed to be used. This should be fine in most cases.
Getting their IP address
The first step is to get their IP address. On your blog this shouldn't be a problem as you normally get their IP address when they post a comment/reply to one of your blog's. With the forms on your website, those that use PHP can quite simply add one line of code to their form to e-mail script.
Create a hidden field and set the value to:
value="<?php echo HTTP_VARS['REMOTE_HOST'] .$HTTP_VARS['HTTP_USER_AGENT'] .$HTTP_VARS['REMOTE_ADDR'] .$HTTP_VARS['REMOTE_USER'] ?>"
Then when the form is posted with that hidden field included you will get the operating system, browser info and IP address of the user. Now if you look at all the e-mails coming in from the forms you can monitor if it's the same IP address that's using your form. If you're lucky and it is all from the same address then you need to just redirect the one address using the .htaccess file. If the fourth block of numbers are different each time but the rest are the same then that means they are still within the same IP address range and you need to redirect the range of IP's. If the address is different each time but it looks like the same offender then they are probably using an Internet Proxy Server. The next step is to lookup the addresses so you can get more clues about the offender.
For security add input filtering to the PHP code!
Make sure to wrap htmlentities() around each form variable.
Filtering must be done knowing what the destination of the data is. The destination in this case is an html page and hence htmlentities() is the most appropriate filter. If it were to be inserted into a database later, you would need to do some extra filtering such as addslashes() or mysql_real_escape_string() just before it went into the database. If you plan on sending it in an email, make sure you do some filtering appropriate for email such as validating the To: and From: addresses with a regex and running htmlentities() because most mail clients also have HTML engines built in.
Also, don't forget to check your webserver logs to see if the spammer has gone away or changed source. I've seen spammers persistently hitting the same site for months on end, changing their IP address every month or two. If a legitimate user were on the same ISP and got the same IP address after the spammer was finished with it, you could be sending real users away when you want to keep them.
Using WhoIs to Lookup IP address
You can look up an IP address or URL using a whois lookup and that will give you the information about it's owner. Now this does not mean in all cases that it's the offender who will be displayed on the record and in most cases it is in fact the user's Internet Provider. Now this is handy as if the offending IP's point towards this same Internet Provider but the addresses are different each time then keep all the e-mails as evidence and write an e-mail or letter to the provider detailing the offender and the spam. They should then deal with it on your behalf.
Otherwise it's quicker to make the .htaccess file and redirect them from your website. This can be more fun too as you can redirect them anywhere you want! It depends on how cruel you want to be!
How to redirect using .htaccess from a specific page
To block the offender from visiting a specific page (maybe the one with the form on) then use this code. This method will still allow them to access the rest of the website. Change the IP address to suit your offender, the page you want to redirect them from and the destination URL. Save it as .htaccess and put it in the root of your website.
Using a single IP address:
# permanently redirect specific IP request for single page
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} 22\.22\.22\.239
RewriteCond %{REQUEST_URI} page-with-form-on.php$
RewriteRule .* http://www.destinationwebsite.com/ [R=301,L]
Using an IP range:
# permanently redirect ranged IP request for single page
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} 22\.22\.22
RewriteCond %{REQUEST_URI} page-with-form-on.php$
RewriteRule .* http://www.destinationwebsite.com/ [R=301,L]
How to redirect using .htaccess from an entire website
To block the offender from being able to access your website at all then you want to use the following in your .htaccess. Change the IP address to suit your offender and the destination URL. Save it as .htaccess and put it in the root of your website. Also change the \.php to \.html if your website uses html for pages extensions and not php.
Using a single IP address:
# permanently redirect specific IP request for entire site
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REMOTE_HOST} 22\.22\.22\.239
RewriteRule \.php$ http://www.destinationwebsite.com/ [R=301,L]
Using an IP range:
# permanently redirect specific IP request for entire site
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REMOTE_HOST} 22\.22\.22
RewriteRule \.php$ http://www.destinationwebsite.com/ [R=301,L]
HTTP error 0 occurred
Multiple Websites & Shared Folders With VirtualBox On Windows 7 Host
LAMP Ubuntu Server On VirtualBox
Remove URLs using a robots.txt
SEO URL Canonicalization
Accessible CSS/XHTML - 3 Column Website Layout
Cascading Style Sheet (CSS) Styling Guide
.htaccess 301 Redirects for IP Ranges
Comments
I think a better idea would be to include a human verification. There are a couple methods you could use outside of a captcha system like simple math. Or you could add a hidden email field and stop processing if it is filled in. 99% of spam is automated with crawlers. And if you are getting too much of it your human verification system is likely the problem.
Hi David, yes this is true but if you get an automated system constantly attacking your website then this is a way of blocking them completely or redirecting them to a ‘honeypot‘.
Will that solution work if all I can get is their network domain, for instance: t-ipconnect.de to send everything from that domain to a specific page? Thanks much.
I don’t think you’ll be able to no, if you did manage to you could be redirecting thousands of other users with the same Internet Service provider, so I wouldn’t recommend it. You could try checking your server logs to see if their IP has been recorded there. Or install a captcha onto the form – http://www.captcha.net/
Okay, I do understand that, but then let me ask you one other thing… The person in question is obviously on a dynamic IP (cell phone actually from what I can tell). One is 91.46.148.196, another from 91.46.129.86, and the other is 91.46.143.208 To my untrained eye, I’d have to block everthing from 91.46.*.* Do I about have that right? This person is the only visitor I have ever had from Germany so I wouldn’t have a problem blocking them that way, but it seems to be I’d be redirecting thousands of people regardless???? Thanks so much by the way for such a comprehensive post and for your patience with my questions.
Yes that is correct. What exactly is this visitor doing on your website that you want them to stop? Glad you like the post, and no problem :)
From what I could tell it was break in attempts through old security flaws, and then some really vulgar attempted comments. I don’t really care about the comments as those are pretty much caught on the fly, but the break in attempts I take seriously. Oddly, I couldn’t get the above to work, however I was able to get this to work:
It will probably send most of germany to the redirected page, but at this point I’m okay with that. I’ll keep working on the 301 redirect as above. Maybe I just didn’t pass a value properly or something, but I keep getting a 500 error. I’ll also check with my isp re: redirects. Again, thanks so much!!!!
what if i want to block two ip range , for example : everything starting with 75.206 and everything starting with 69.99 how do i add both ?
@idan I believe if you just add them one after the other as rewrite conditions before the rewrite rule then if any of the conditions are met (e.g. if the visitor has an IP within the listed ranges) then they will be redirected to the URL you choose. Like so:
RewriteCond %{REMOTE_HOST} 75\.206 RewriteCond %{REMOTE_HOST} 69\.99One can in put in additional redirects into the same file by repeating the above you can direct specific users to specific websites.
Heya Darren, To do the one idan asked about is
RewriteCond %{REMOTE_HOST} 11\.11\.11 [NC,OR] RewriteCond %{REMOTE_HOST} 22\.22\.22 [NC] RewriteRule .* http://www.destinationwebsite.com/ [R=301,L]At least thats what is working for me
YOU ROCK! Thank you!
@Ben That will work but idan asked for only IPs that start with 75.206 so you would only need 75\.206 or as in your example 11\.11
Great tutorial! Wondering if I can redirect all IP’s except for mine. What’s the syntax for that?
Hello, My task is to redirect the address: http://129.187.108.123/ into this one: http://129.187.108.123/innovationadCoTeSys/ I have read during the weekend a lot of forums, I tried to understand the syntaxis how do I write a .htaccess, but nothing happens. My code is:
RewriteEngine on RewriteCond %{REMOTE_ADDR} ^(129\.187\.108\.123) RewriteRule .* http://129.187.108.123/innovationadCoTeSys/ [R=301,L].I´ve tried with [R], [R,L], IP with () or with ., and a lot of other codes and nothing happens. In the server the folders are: root/var/www/html/innovationadCoTeSys. I´ve tried to put the htaccess in each one of the levels (not at the same time) and nothing. I would really appreciate if you could give me some ideas where to put this file, or what to correct in the syntaxis. I wish you a nice day
@jacob - read this on how to block access to directories or files and allow access to only your IP http://httpd.apache.org/docs/1.3/mod/mod_access.html#deny
@Salvador have you tried just -
You should check with your webhost that you are allowed to use .htaccess files if you find these redirects are not working.
Post new comment