error log question

Store Builder in detail Security
#1

In the past I was getting a lot of failed login attempts, so I added some deny from in my .htaccess.



order allow,deny
allow from all

deny from 89.0.0.0/8
deny from 87.0.0.0/8
deny from 117.0.0.0/8
deny from 218.0.0.0/8
deny from 61.0.0.0/8
deny from 5.0.0.0/8






I was just looking over my error log and see the following.


[Thu Sep 26 07:59:26 2013] [error] [client 5.158.239.82] client denied by server configuration: /home/jdneedle/public_html/index.php, referer: http://www.jdneedleart.com/dual-duty-plus-hand-quilting-thread-325-yards.html
[Thu Sep 26 07:59:26 2013] [error] [client 5.158.239.82] client denied by server configuration: /home/jdneedle/public_html/dual-duty-plus-hand-quilting-thread-325-yards.html, referer: http://www.jdneedleart.com/dual-duty-plus-hand-quilting-thread-325-yards.html
[Thu Sep 26 06:42:58 2013] [error] [client 61.135.190.222] client denied by server configuration: /home/jdneedle/public_html/index.php, referer: http://www.baidu.com/s?wd=Handembroiderypatterns%2Cdesigns%2Candsupplies.-JDNA%7CJackDempseyNeedleArt
[Thu Sep 26 06:42:58 2013] [error] [client 61.135.190.222] client denied by server configuration: /home/jdneedle/public_html/, referer: http://www.baidu.com/s?wd=Handembroiderypatterns%2Cdesigns%2Candsupplies.-JDNA%7CJackDempseyNeedleArt
[Thu Sep 26 06:42:57 2013] [error] [client 61.135.190.224] client denied by server configuration: /home/jdneedle/public_html/index.php, referer: http://www.baidu.com/s?wd=Clickheretofindaretailstorenearyou.-EmbroideryDesignsbyJackDempseyNeedleArtsince1949
[Thu Sep 26 06:42:57 2013] [error] [client 61.135.190.224] client denied by server configuration: /home/jdneedle/public_html/support-our-retailers-en.html, referer: http://www.baidu.com/s?wd=Clickheretofindaretailstorenearyou.-EmbroideryDesignsbyJackDempseyNeedleArtsince1949
[Thu Sep 26 05:12:22 2013] [error] [client 5.10.83.65] client denied by server configuration: /home/jdneedle/public_html/index.php
[Thu Sep 26 05:12:22 2013] [error] [client 5.10.83.65] client denied by server configuration: /home/jdneedle/public_html/robots.txt
[Thu Sep 26 05:12:22 2013] [error] [client 5.10.83.65] client denied by server configuration: /home/jdneedle/public_html/index.php
[Thu Sep 26 05:12:22 2013] [error] [client 5.10.83.65] client denied by server configuration: /home/jdneedle/public_html/robots.txt
[Thu Sep 26 04:33:36 2013] [error] [client 61.111.15.80] client denied by server configuration: /home/jdneedle/public_html/index.php
[Thu Sep 26 04:33:36 2013] [error] [client 61.111.15.80] client denied by server configuration: /home/jdneedle/public_html/Mittens-Christmas-Ornaments.html4.html17851logs
[Thu Sep 26 04:32:22 2013] [error] [client 61.111.15.80] client denied by server configuration: /home/jdneedle/public_html/index.php
[Thu Sep 26 04:32:22 2013] [error] [client 61.111.15.80] client denied by server configuration: /home/jdneedle/public_html/Mittens-Christmas-Ornaments.html4d-bd1d-134f1a622c4boving-to-next-round.htmlskey=Infinity-860903lan-860904.html-9C8D-B8E20D860904&click_id=D9C1A3DF-E545-4902-870E-2688FF90A44B
[Thu Sep 26 04:31:33 2013] [error] [client 61.111.15.80] client denied by server configuration: /home/jdneedle/public_html/index.php
[Thu Sep 26 04:31:33 2013] [error] [client 61.111.15.80] client denied by server configuration: /home/jdneedle/public_html/Mittens-Christmas-Ornaments.html16853_R02_14583.XMLer=020600&search_target=&keyword=&Flag=020000&nowpage=2&objpage=08983592724D860904-5A93-4EC2-923E-5C168C8C886D
[Thu Sep 26 04:30:27 2013] [error] [client 61.111.15.80] client denied by server configuration: /home/jdneedle/public_html/index.php




cpanel shows the last 300 messages and most are similar to the above. Should I be doing something else or am I being to restrictive in my htaccess file. We sell retail embroidery goods (ie… pillowcase, quilt blocks) mainly to the us and Canada, Sometime to the uk if they don't mind the shipping cost.



Thanks for any thoughts,

David

#2

I would rarely go stronger than '24 bits' of the address to mask. Going down to 8 bits will exclude huge chunks of addresses. I.e. you are rejecting class A addresses when you probably want to reject class C.

#3

I would l deny a lot of countries, since we mainly sell us, Canada.



If I use one of the ip address generators to give the listing for some counties the list is huge. Will this then slow down the server?

Or is there another way to deny by countries.



Dave

#4

10 ways to skin a cat. Your choice as to which you choose. Just consider the % of traffic that's going to be denied and then use the most efficient means for that. If 99.9% of your traffic would get through, then don't bottle things up at the front, but move the check to the rear. If it's occasional, just do it inside the cart. If you're getting hit by hackers/spammers from a specific IP range then exclude that particular range.



Do note that IP's are generally pretty static by country, there are no guarantees that class A IP 123 will be associated with country AB in the future. So using numeric IP's is always a risk long term.