Dax Posted 28 February 2008

Hello everyone,

I am looking for a way to block certain spammers by their IP addresses. I was told to use a .htaccess like this:

<Limit GET>
order allow,deny
deny from 91.186.10.10
allow from all
</Limit>

The problem is that the spammer is active on a script located at h**p://www.monsite.com/dossier-du-script, and I already use an .htaccess for URL rewriting in that folder.

My question is: does this system work if I place the .htaccess at the root?

If the answer is no, could someone tell me whether this example looks correct to you:

CODE
RewriteEngine on
RewriteBase /
# User-Agents with no privileges (mostly spambots/spybots/offline downloaders that ignore robots.txt)
RewriteCond %{REMOTE_ADDR} ^220\.181\.33\.225 [OR] #rude bot
RewriteCond %{REMOTE_ADDR} ^60\.28\.252\.77 [OR] #rude bot
RewriteCond %{REMOTE_ADDR} ^69\.31\.1\.154 [OR] #rude bot
RewriteCond %{REMOTE_ADDR} ^24\.86\.103\.176 [OR] #spammer
RewriteCond %{REMOTE_ADDR} ^81\.95\.146\.162 [OR] #spammer
RewriteCond %{REMOTE_ADDR} ^193\.252\.177\.186 [OR] #spammer
RewriteCond %{REMOTE_ADDR} "^63\.148\.99\.2(2[4-9]|[3-4][0-9]|5[0-5])$" [OR] # Cyveillance spybot
RewriteCond %{REMOTE_ADDR} ^12\.148\.196\.(12[8-9]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])$ [OR] # NameProtect spybot
RewriteCond %{REMOTE_ADDR} ^12\.148\.209\.(19[2-9]|2[0-4][0-9]|25[0-5])$ [OR] # NameProtect spybot
RewriteCond %{REMOTE_ADDR} ^64\.140\.49\.6([6-9])$ [OR] # Turnitin spybot
RewriteCond %{HTTP_REFERER} iaea\.org [OR] # spambot
RewriteCond %{HTTP_REFERER} neopets\.com [OR] # referrer spam
RewriteCond %{HTTP_REFERER} spampoison\.com [OR] # looks exactly like a spambot
RewriteCond %{HTTP_REFERER} riaa\.com [OR] # some bot
RewriteCond %{HTTP_REFERER} cxa\.de [OR] # porn site
RewriteCond %{HTTP_REFERER} filthserver\.com [OR] # porn site
RewriteCond %{HTTP_REFERER} wastedpartygirls\.com [OR] # porn site
RewriteCond %{HTTP_REFERER} amateurxpass\.com [OR] # porn site
RewriteCond %{HTTP_REFERER} mature--young\.com [OR] # porn site
RewriteCond %{HTTP_REFERER} bloglisting\.com [OR] # porn site
RewriteCond %{HTTP_REFERER} nudecelebblogs\.com [OR] # porn site
RewriteCond %{HTTP_REFERER} sexrabbit\.de [OR] # porn site
RewriteCond %{HTTP_REFERER} busty2\.com [OR] # porn site
RewriteCond %{HTTP_REFERER} adult-models\.biz [OR] # porn site
RewriteCond %{HTTP_REFERER} freenudecelebrity\.net [OR] # porn site
RewriteCond %{HTTP_REFERER} limolimo\.net [OR] # dont know
RewriteCond %{HTTP_REFERER} shatteredreality\.net [OR] # spammer site
RewriteCond %{HTTP_USER_AGENT} ^[A-Z]+$ [OR] # spambot
RewriteCond %{HTTP_USER_AGENT} anarchie [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} cherry.?picker [NC,OR] # spambot
RewriteCond %{HTTP_USER_AGENT} "compatible ; MSIE 6.0" [OR] # spambot (note extra space before semicolon)
RewriteCond %{HTTP_USER_AGENT} crescent [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} "^DA \d\.\d+" [OR] # OD
RewriteCond %{HTTP_USER_AGENT} "DTS Agent" [OR] # OD
RewriteCond %{HTTP_USER_AGENT} "^Download" [OR] # OD
RewriteCond %{HTTP_USER_AGENT} EasyDL/\d\.\d+ [OR] # OD
RewriteCond %{HTTP_USER_AGENT} e?mail.?(collector|magnet|reaper|siphon|sweeper|harvest|collect|wolf) [NC,OR] # spambot
RewriteCond %{HTTP_USER_AGENT} express [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} extractor [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} "Fetch API Request" [OR] # OD
RewriteCond %{HTTP_USER_AGENT} flashget [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} FlickBot [OR] # rude bot
RewriteCond %{HTTP_USER_AGENT} FrontPage [OR] # stupid user trying to edit my site
RewriteCond %{HTTP_USER_AGENT} getright [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} go.?zilla [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} "efp_AT_gmx\.net" [OR] # rude bot
RewriteCond %{HTTP_USER_AGENT} grabber [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} imagefetch [OR] # rude bot
RewriteCond %{HTTP_USER_AGENT} httrack [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} "Indy Library" [OR] # spambot
RewriteCond %{HTTP_USER_AGENT} "^Internet Explore" [OR] # spambot
RewriteCond %{HTTP_USER_AGENT} ^IE\ \d\.\d\ Compatible.*Browser$ [OR] # spambot
RewriteCond %{HTTP_USER_AGENT} "LINKS ARoMATIZED" [OR] # rude bot
RewriteCond %{HTTP_USER_AGENT} "Microsoft URL Control" [OR] # spambot
RewriteCond %{HTTP_USER_AGENT} "mister pix" [NC,OR] # rude bot
RewriteCond %{HTTP_USER_AGENT} "^Mozilla/4.0$" [OR] # dumb bot
RewriteCond %{HTTP_USER_AGENT} "^Mozilla/\?\?$" [OR] # formmail attacker
RewriteCond %{HTTP_USER_AGENT} MSIECrawler [OR] # IE's "make available offline" mode
RewriteCond %{HTTP_USER_AGENT} ^NG [OR] # unknown bot
RewriteCond %{HTTP_USER_AGENT} offline [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} net.?(ants|mechanic|spider|vampire|zip) [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} nicerspro [NC,OR] # spambot
RewriteCond %{HTTP_USER_AGENT} ninja [NC,OR] # Download Ninja OD
RewriteCond %{HTTP_USER_AGENT} NPBot [OR] # NameProtect spybot
RewriteCond %{HTTP_USER_AGENT} PersonaPilot [OR] # rude bot
RewriteCond %{HTTP_USER_AGENT} snagger [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} Sqworm [OR] # rude bot
RewriteCond %{HTTP_USER_AGENT} SurveyBot [OR] # rude bot
RewriteCond %{HTTP_USER_AGENT} tele(port|soft) [NC,OR] # OD
RewriteCond %{HTTP_USER_AGENT} TurnitinBot [OR] # Turnitin spybot
RewriteCond %{HTTP_USER_AGENT} web.?(auto|bandit|collector|copier|devil|downloader|fetch|hook|mole|miner|mirror|reaper|sauger|sucker|site|snake|stripper|weasel|zip) [NC,OR] # ODs
RewriteCond %{HTTP_USER_AGENT} vayala [OR] # dumb bot, doesn't know how to follow links, generates lots of 404s
RewriteCond %{HTTP_USER_AGENT} zeus [NC,OR]
# Below are filtered requests (mostly virus and other security holes sniffers)
RewriteCond %{REQUEST_URI} formmail [NC,OR]
RewriteCond %{REQUEST_URI} _vti_bin [NC,OR]
RewriteCond %{REQUEST_URI} MSOffice [OR]
RewriteCond %{REQUEST_URI} mail.?(pl|cgi) [NC]
RewriteRule .* - [F,L]
RewriteRule abuse templates/scammers.html
RewriteRule ^([a-zA-Z0-9]*).html detail.php?siteid=$1
RewriteRule rally-cars-for-sale.php index.php?catid=1&set_add_ad_cat=
RewriteRule race-cars-for-sale.php index.php?catid=3&set_add_ad_cat=
RewriteRule trackday-cars-for-sale.php index.php?catid=5&set_add_ad_cat=
RewriteRule karts-for-sale.php index.php?catid=7&set_add_ad_cat=
RewriteRule trailers-for-sale.php index.php?catid=9&set_add_ad_cat=
RewriteRule uk-racing-circuits.php motorsportlocations.php?catid=1
RewriteRule drag-strips.php motorsportlocations.php?catid=4
RewriteRule uk-hillclimbs.php motorsportlocations.php?catid=5
RewriteRule uk-inactive-racing-circuits.php motorsportlocations.php?catid=8
RewriteRule indoor-kart-circuits.php motorsportlocations.php?catid=11
RewriteRule outdoor-kart-circuits.php motorsportlocations.php?catid=12
RewriteRule motor-racing-museums.php motorsportlocations.php?catid=7
RewriteRule oval-racing-circuits.php motorsportlocations.php?catid=3
RewriteRule rally-stages.php motorsportlocations.php?catid=10
RewriteRule speed-venues.php motorsportlocations.php?catid=6
RewriteRule street-circuits.php motorsportlocations.php?catid=2
RewriteRule trackday-airfields.php motorsportlocations.php?catid=9
RewriteRule dadson-kart-challenge.php motorsportlocations.php?seriesid=2
RewriteRule wscc-speed-series-venues.php motorsportlocations.php?seriesid=1
<Files *>
order deny,allow
#deny from 84.92.125.171
#nigerian spammer
deny from 213.185.106.24
deny from 213.185.106
#some dutch scammer
deny from 213.181.88.58
deny from 213.181.88
deny from 87.106.29.229
deny from 87.106.29
# Nigerian/African 419 Scammers IP addresses follow:
deny from 12.166.96.32/27 41.220.64.0/20 41.223.248.0/22 61.11.230.112/29 62.56.128.0/17 62.56.235. 62.56.236. 62.56.244.0/22 62.56.248. 62.128.160.0/20 62.173.32.0/19 62.192.128.0/19 62.192.140.250 62.193.160.0/19 63.70.178. 63.73.58. 63.100.193. 63.103.138.
deny from 217.146.14.0/25 217.146.15.0/25 217.146.16.0/27 217.146.16.32/29 217.194.140.0/22 217.194.144.0/20 217.20.242.0/27 217.20.242.32/28 217.20.242.48/29
# Tentative CIDR block for 16,777,216 AfriNIC assigned IPs
#deny from 41.0.0.0/8
# Pan Am Sat Nigeria and South Africa
deny from 216.139.160.0/19 216.139.176.136/29
# Added Goldenlines.net.il (Israel) because of Open Proxies used by Nigerian scammers
deny from 80.179.244.0/24
# The CIDRs below are Canadian Satellite ISPs that appear to have reassigned these IP blocks to Nigeria
deny from 64.86.155.0/24 64.201.33.0/24 216.185.79.0/24
# added this German ISP on 5/1/05, probably reassigned to Nigeria: 62.192.128.0/19
# Added Sky-Vision satellite services for African and Eastern European Internet Cafes
deny from 83.229.64.0/18 217.194.144.0/20
# Kenya, Somalia, Zimbabwe, Ghana and some misc Nigerian IPs
deny from 196.200.0.0/16 196.201.0.0/16
# Added New Skies Satellite Service (Nigeria + Africa) on Dec 7, 2005:
deny from 66.178.0.0/17
# Amsterdam, The Netherlands Versatel Nederland DSL-NAT Customers - Lottery and 419 scammers
deny from 62.59.36.0/22 62.59.40.0/21 62.59.48.0/22 82.93. 82.168.0.0/14
# Italian Satellite ISP for Nigeria added 04/08/2006
deny from 83.137.61.0/24
# Ironlinkus.com Satellite Services (Africa - used by scammers) - added on 08/08/2006
deny from 216.118.252.0/24 216.118.253.0/24
# End Nigerian/African blocklist
# Turkish 419 scammers:
deny from 66.199.224.0/19 72.36.168.153/29 85.98.160.0/20 212.174.113.0/24
# Turkey Telecom entire CIDRs: 85.98.128.0/17 212.174.0.0/17 - for future blocking
# Added CHINANET Guangdong province network, Beijing, China, on 11/16/05
deny from 219.128.0.0/13 219.136.0.0/15 220.181.0.0/16
# Add other blocked domain names or IP addresses here, starting with "deny from " without quotes
# If you find that you need to poke a hole in the blocklist, for legitimate visitors, follow this example:
# allow from 123.456.789.0
# Add "allow from" IP addresses, or CIDR Ranges, after all of the "deny from" items, just before the closing Files tag.
# Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive.
</Files>
<Files 403.shtml>
order allow,deny
allow from all
</Files>
# This prevents web browsers or spiders from seeing your .htaccess directives:
<Files .htaccess>
deny from all
</Files>
# End of file

Daxey Posted 28 February 2008

Hi Dax (it feels odd, since that's also my username...),

So you want to know whether you can put the Limit in the same .htaccess? If so, well, that's no problem. Personally I would put the Limit at the very top of the file.

Dudu Posted 29 February 2008

Hi,

I'm going to be off-topic, sorry... but SurveyBot is not a spammer. It is the robot of domaintools.com (formerly whois.sc), which is one of the best whois tools. Moreover, it respects robots.txt as far as I know.

That said, you may also not want your domain listed on this particular whois tool. If that's your choice, leave it as is, of course.

pierreandre Posted 29 February 2008

Hello,

I think I'm a bit off-topic, even though I have a very similar problem. I have a porn spammer who comes to my site every day. I would like to ban a range of his IPs: 77.0.0.0 - 77.255.255.255

As an example I have:

RewriteCond %{HTTP_USER_AGENT} ^124.240.124.164$ [OR] # Asia porn

How do I write that range from 77.0.0.0 to 77.255.255.255 without getting an "internal server error"?

Thanks in advance,
pierreandre

Dax Posted 1 March 2008 Author (edited)

I don't know if this can help you, because that really is a wide range, but to block spammers coming from a region I believe you can specify only the first two or three numbers of the IP, as in this example to block spammers from Niger:

<Limit GET>
order allow,deny
deny from 213.185.106
allow from all
</Limit>

Edited 1 March 2008 by Dax
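
Added example, not written by any poster in this thread: a small Python model of how Apache 2.2 `Order`/`Allow`/`Deny` handles the partial addresses and the two orderings that appear above (`allow,deny` in the `<Limit>` blocks, `deny,allow` in the `<Files *>` block). The function names `to_network` and `is_allowed` and the client addresses in the checks are made up for illustration.

```python
import ipaddress


def to_network(spec):
    """Map one Allow/Deny argument to an IPv4 network.

    Accepts 'all', a full address, CIDR notation, or a partial address made
    of the first one to three octets (a trailing dot is tolerated), so
    '213.185.106' covers 213.185.106.0/24 and '77' covers 77.0.0.0/8.
    """
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = [o for o in spec.split(".") if o]
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"not an IPv4 address or prefix: {spec!r}")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    # ip_network() raises ValueError for octets above 255
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")


def is_allowed(order, allow, deny, client):
    """Return True if `client` gets through under the given Order."""
    ip = ipaddress.ip_address(client)
    hit_allow = any(ip in to_network(s) for s in allow)
    hit_deny = any(ip in to_network(s) for s in deny)
    if order == "allow,deny":
        # Allow is checked first, Deny overrides it; no match means denied.
        return hit_allow and not hit_deny
    if order == "deny,allow":
        # Deny is checked first, Allow overrides it; no match means allowed.
        return hit_allow or not hit_deny
    raise ValueError(f"unknown order: {order!r}")


if __name__ == "__main__":
    # Constructed checks: the <Limit> block from the last post, then the
    # 77.x.x.x range asked about, written as a one-octet prefix.
    for deny, client in (("213.185.106", "213.185.106.24"),
                         ("213.185.106", "198.51.100.7"),
                         ("77", "77.200.1.2")):
        verdict = is_allowed("allow,deny", ["all"], [deny], client)
        print(f"deny from {deny:<12} client {client:<15} allowed={verdict}")
```

With `order deny,allow`, adding an `allow from` entry for an address inside a denied range lets that address back in, which is the "poke a hole" case described in the blocklist comments.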