Quick apache .htaccess rules writer in PHP

Sometimes it’s good to have a quick .htaccess rules writer for your server / host, to block a larger number of IP addresses from accessing stuff on your site, like spambots, or people (bored kids?) who try to hack into your site or blog. If you use any kind of statistics plugin on your WordPress blog, or any other stats on other platforms, you can most likely see the IP addresses and the paths these visitors have taken while trying to access your site in an unauthorised way, for example by trying to exploit a Revolution Slider vulnerability (or a vulnerability in some other plugin) to show your config.php.

So here’s the quickest way to deal with these IP addresses, presuming you are on a Linux box with PHP installed, or on any computer with PHP available on the command line (the php5-cli package on debian/ubuntu/mint/fedora/q4os, basically on most modern Linux systems, and the XAMPP or WAMP package on Windows-based machines).

Image 1. Visitor trying to gain unauthorised access to wp-config.php

Open any simple text editor, nano, gedit, pluma, kate, notepad, whatever you are using to edit simple text files.

Browse through your statistics and copy the IP addresses in question. You can quickly find the ones that are… well, dubious, to say the least (see image 1, for example). Copy each IP address and paste it into the text file, one address per line.

After having browsed through your log and collected a number of IP addresses, save the file under any name, for instance “parseme.txt”. Make sure you remember the name and where you saved it, so you’ll know what to enter in the PHP script you’ll write in a moment.

It’s actually a good idea to keep the file and reuse it: in every IP “hunting” session, clear the contents of the file, paste in the lines / IPs you’ve captured in this session, then save and parse the file with the PHP script.

And after saving the file, you parse it with a tiny php script, that you can use either on the command line, or in your browser.

Here’s the script:

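<?php
// Read the list of captured IP addresses, one per line.
$content = file_get_contents("parseme.txt");
if ($content === false) {
    exit("Cannot read parseme.txt\n");
}
// Split on \n; trim() below also removes the \r of Windows line endings.
$snippets = explode("\n", $content);
echo "\n\n";
foreach ($snippets as $snippet) {
    $ip = trim($snippet);
    if ($ip === "") {
        continue; // skip blank lines, including the one after the last newline
    }
    echo "RewriteCond %{REMOTE_ADDR} ^" . $ip . "$ [OR]\n";
}
?>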

Replace the \n with <br> if you intend to run the script in your browser, or leave it as it is, if you intend to run it as I do, in the command line / terminal.

Save the php script with a name that’s intuitive, like “htdprocess.php” (.htaccess denier-processor), and then run it in the terminal with

php -f htdprocess.php (don’t forget to make the script executable, with chmod +x or chmod 755, if you’re on linux),

and copy the output and put it on your server, in your .htaccess file, and save it.

Now, IF YOU ARE DOING THIS FOR THE FIRST TIME, meaning you have no other rewrite rules set yet in your .htaccess, you must remove the [OR] conditional operator from the LAST line in the IP address block, and also add these two lines BEFORE the lines with the IP blocks:

RewriteEngine On

RewriteBase /

(also, pay attention to capitalisation ! It does matter) AND after the IP block that you’ve inserted, add this line:

RewriteRule ^.*$ - [F]

Presuming you have mod_rewrite enabled on your server or hosting account (most hosts, even free ones, have it installed, these days…), the IP addresses in question will NEVER be able to access anything on your site, they will be denied.

Your entire blocklist in your .htaccess will look like this:

RewriteBase /
RewriteEngine On

RewriteCond %{REMOTE_ADDR} ^201.94.151.6$ [OR]
RewriteCond %{REMOTE_ADDR} ^94.23.29.174$ [OR]
RewriteCond %{REMOTE_ADDR} ^195.202.64.253$ [OR]
RewriteCond %{REMOTE_ADDR} ^192.166.96.87$ [OR]
RewriteCond %{REMOTE_ADDR} ^46.119.115.165$
RewriteRule ^.*$ - [F]

Now obviously, since you care for your site/blog and you’ll keep checking for bad actors / bad IP addresses along the line, you’ll catch more and more IP addresses that need to be inserted into the block. No worries, simply use the method outlined above (copy to the text file, then parse it with the PHP script, and insert the output with the IP addresses in .htaccess) to add the newly captured IPs ABOVE the already existing ones. Why ABOVE the block? Well, because the PHP script writes the conditional [OR] operator at the end of every line with an IP address, so it’s simply faster to add it above the already existing block, instead of adding it below it, and then removing the [OR] operator from the last line.
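As an added example (not the script from this post), here is a variant that writes the complete block in one go, so the [OR] on the last line never has to be removed by hand. It assumes the same parseme.txt format; the function name build_blocklist and the sample input are made up for illustration, and unlike the script above it validates each line, drops duplicates and escapes the dots in the pattern.

```php
<?php
// Added example, not the post's own script. build_blocklist() is a
// hypothetical helper; input format is the post's parseme.txt (one IP per line).
function build_blocklist($content, $withHeader = true)
{
    $ips = array();
    // \R matches \n, \r\n and \r, so files saved on Windows work as well.
    foreach (preg_split('/\R/', $content) as $line) {
        $ip = trim($line);
        if ($ip === '') {
            continue; // blank line
        }
        // Only well-formed IPv4 addresses may reach .htaccess; a stray
        // pasted word would otherwise become a useless or broken pattern.
        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            error_log("skipped, not an IPv4 address: " . $ip);
            continue;
        }
        $ips[$ip] = true; // array keys remove duplicates
    }
    if (count($ips) === 0) {
        // With no RewriteCond lines the RewriteRule would deny every visitor.
        return '';
    }
    $conds = array();
    foreach (array_keys($ips) as $ip) {
        // preg_quote() escapes the dots so they match literally in the regex.
        $conds[] = 'RewriteCond %{REMOTE_ADDR} ^' . preg_quote($ip) . '$';
    }
    $out = $withHeader ? "RewriteEngine On\nRewriteBase /\n\n" : '';
    // Joining with [OR] leaves the last condition without it.
    $out .= implode(" [OR]\n", $conds) . "\n";
    $out .= 'RewriteRule ^.*$ - [F]' . "\n";
    return $out;
}

// Constructed sample input: addresses from the post plus a duplicate,
// a blank line, Windows line endings and one line that is not an IP address.
$sample = "201.94.151.6\r\n94.23.29.174\n\n201.94.151.6\nwp-config.php\n46.119.115.165";

// Use parseme.txt when it exists, otherwise fall back to the sample.
$content = is_readable('parseme.txt') ? file_get_contents('parseme.txt') : $sample;
echo build_blocklist($content);
```

Each generated block ends with its own RewriteRule, so it can be pasted into .htaccess as a separate block; pass false as the second argument to leave out the RewriteEngine and RewriteBase lines when they are already there.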

And in case you want to directly download the PHP script, it’s RIGHT HERE (simply click on the link and save the file).

Let me know in the comments if you need help making sense of this all.