Denying access to non-existing directory

Fix it!!

Denying access to non-existing directory

Postby Marcelo » Sat Nov 10, 2007 2:03 pm

I have had a guestbook on my site but removed it due to guestbook spamming. Now I still get hits to the removed directory, generating a lot of 404 errors in my logs. I would like to stop the entries in the log by simply denying access to anyone trying to access the directory it was in by matching any directory that has the string "directory" in it, as the spammers try variations on the pathname.

I tried to do this:
Code: Select all
Options +FollowSymLinks

RewriteEngine On
RewriteBase /
RewriteRule ^guestbook$ - [F]


But this does not work. Blocking access based on referer does not work as the spamming comes from hijacked machines and thus the address it comes from is unpredictable.

Any suggestions on how to solve this?
Marcelo
 
Posts: 9
Joined: Tue Nov 06, 2007 6:03 am

Postby richardk » Sun Nov 11, 2007 11:16 am

^guestbook$ only matches "/guestbook"

Try the following in a .htaccess file in your document root
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteRule ^guestbook(/.*)?$ - [F,L]


A 403 (forbidden) error will probably show up in your logs too, so you might want to rewrite to a blank file instead by replacing
Code: Select all
- [F,L]

with
Code: Select all
/a-blank-file [L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby Marcelo » Thu Nov 15, 2007 12:38 pm

Thanks again Richard, I thought I'd need pattern matching, but did not know how. To prevent the access denied messages, I have added an empty file as you suggested.
Marcelo
 
Posts: 9
Joined: Tue Nov 06, 2007 6:03 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 14 guests

cron