How To Block An IP Address
how to stop hackers and ddos attacks

How To Block An IP Address

How To Block Hackers

In this tutorial, I will show you how to block IP addresses, search engines, and bad websites. The reason you want to do this is to stop them from stealing your passwords, credit cards your content, injecting malware, or deleting your whole website altogether. A bad bot can that come from these IP address can flood your website with unnecessary requests (DDoS Attacks), which can cause issues with your hosting account, hacking into your site, and just downright take your whole website down.

So what can you do? Well, you can simply stop these bad boys right in their tracks; BLOCK THEM. I’m going to show you how to block them by entering a piece of code in your .htaccess file.

There are three ways to block them using htaccess: blocking by IP address, the website they are coming from, and by a search engine. Yes, search engines misbehave too. You do have those Fake Crawlers that will use the name of Bing, Google, Baidu, etc. BUT before you block, make sure these are actual fake crawlers. You don’t want to block the real search engines, thinking they are fake. So let’s get started.

You’re going to need access to your cPanel Dashboard and as always make sure you backup your website

Now that we are in your cPanel, let’s walk through blocking the actual IP address first. now there

Block IP Address From Website

  1. Scroll down, click on file manager and make sure the site you are working on is selected. Click show hidden files and click go. Find your .htaccess file, click on it and click edit at the top and edit again. To block by IP address, just add this piece of code below. Make sure you replace the IP address with the one you are blocking.

“deny from 123.123.123.123”

YouTube video

This code should be added right before the words “#end WordPress” and click save.

How To Block A Search Engine

  1. To block by a search engine, just repeat step one. Scroll down, click on file manager and make sure the site you are working on is selected. Click show hidden files and click go. Find your .htaccess file, click on it and click edit at the top and edit again. To block search engines, just add this piece of code below. Make sure you replace the code with the misbehaving search engine.

DON’T BLOCK GOOGLE, BING, OR ANY OTHER REAL SEARCH ENGINES! ONLY BLOCK FAKE BOTS, HACKER SITES, AND MALICIOUS SITES.

 

“RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} ^.*(Baiduspider|HTTrack|Yandex).*$ [NC]

RewriteRule .* – [F,L]”

This code should be added right before the words “#end WordPress” and click save.

How To Block A Website

  1. And lastly to block a bad website, repeat step one with a different code. Scroll down, click on file manager and make sure the site you are working on is selected. Click show hidden files and click go. Find your .htaccess file, click on it and click edit at the top and edit again. To block a bad website, just add this piece of code below. 

“RewriteEngine On

RewriteCond %{HTTP_REFERER} example\.com [NC]

RewriteRule .* – [F]”

and click save.

Make sure you replace example.com with the bad website you are blocking!

BONUS!

4. Now here is one more thing, if you want to just temporarily block a search engine, including Google or Bing, while you are running an advertising campaign, temporarily use this code,

“ErrorDocument 503 “Site temporarily disabled for crawling”

RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} ^.*(bot|crawl|spider).*$ [NC]

RewriteCond %{REQUEST_URI} !^/robots\.txt$

RewriteRule .* – [R=503,L]”

and click save.

NOTE: I wouldn’t suggest leaving this temporary code in your .htaccess file for longer than 2 days. 

#wordpress #wordpress2019 #howto

Here is a list of Bad Websites

See the rest at kloth.net bad websites

BLOCK THIS MALICIOUS WEBSITE 203.133.170.53

 

76.10.155.74 – 76-10-155-74.dsl.tech-savvy.com 2007-10-25 EasyDL/3.04 http://keywen.com/Encyclopedia/Bot N What is this, another content scraper?
65.55.165.52 – bl2sch1081918.phx.gbl 2007-10-24 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322) N A bot from Microsoft, following the msnbot, polluting the logs with fake referrals like http://search.live.com/results.aspx?q=stuff&mrt=en-us&FORM=LIVSOP. A very shady black-hat operation, using various IP addresses 65.55.165.0/24, a bot masquerading and hiding behind a user browser UA string, polluting logs statistics by sending fake traffic pretending to be using search traffic from search.live.com. Very rude and annoying. They can’t even get their RDNS PTR records right. Well, it’s Microsoft as we know them.
207.96.148.8 – — 2006-05-05 Mozilla/4.0 (compatible; MSIE 5.0; Windows NT) Unknown unknown bot, hosted by rdprm.gouv.qc.ca, PQ, CA.
209.237.238.230 – — 2006-05-03 Unknown unknown bot of alexa.com, US. The weird operation does not respect the robot’s standard, as an unknown bot (empty UA string) can not be dis-allowed. Sending an anonymous bot from non-resolving IP addresses with no associated PTR records does not add to professionalism and trust.
209.237.238.235 – — 2006-04-21 N
209.237.238.224 – — 2006-04-10 N
64.15.129.5 – ip-64-15-129-5.reverse.privatedns.com 2006-05-02 http://www.picsearch.com/bot.html N unknown bot, 69.46.0.142 hosted by NOC4HOSTS, US. Content harvester with faked UA ?
69.46.0.142 – — 2006-05-02 http://www.picsearch.com/bot.html N
66.90.110.192/22 – — 2006-05-02 T8Abot/v0.0.7-beta (3724461@gmail.com) N unknown bot, hosted by FDC Servers, fdcservers.net, US. Massive operation using many IP addresses (66.90.110.199 … 66.90.110.254)

6 thoughts on “How To Block An IP Address”

  1. Hey Pat, how are you?

    Thank you so much for this information, I believe that having your website hacked is the worst nightmare for an Admin (besides Google Ads send you the famous message), I’m extremely aware of it, so thank you so much. A quick question: How do you know a website is bad to block it, the same question for search engines? Thank you

    1. Hello Kate, there a few ways you can tell to tell which bad websites to block.
      First, your hosting dashing board shows you your usage stats in 2 hour and 24 hour processes, and if you notice the usage is way higher than usual and you are not running a campaign, something is going on. Also the usage goes from the color green, yellow and orange. With that being said, if the color is in the yellow and orange color, someone may be continuously trying to hack your website or send so many executions to bring your website down. And sometimes your hosting company may catch this and send you and email, plus ask you to block that website or ip address.
      Second, there are plugins that will let you see who is on your website in real time by the ip address, the country and search engine. If you see the same exact ip address going through some of your pages most customers don’t visit like pages number 2, 3 and so on, and they keep doing this, someone is looking for a way to get in. Formilla Live App does a great on letting you know whose on your website in a live manner. Crazy Egg Heat maps and Hotjar are also heat maps that will give you this information in real time. It’s the same thing for search engines.

  2. Hello Pat,

    I’m managing few websites together, and I have so many malicious & suspicious bots that visit my website almost daily, so it takes time for me to go through each one manually, I was wondering if there’s a plugin I can install that could do this job, instead of going through it manually Thank you

    1. Yes there are Etienne, there are plugins that will let you see who is on your website in real time by the ip address, the country and search engine. If you see the same exact ip address going through some of your pages most customers don’t visit like pages number 2, 3 and so on, and they keep doing this, someone is looking for a way to get in. Formilla Live App does a great on letting you know who is on your website in a live manner. Crazy Egg Heat maps and Hotjar are also heat maps that will give you this information in real time. It’s the same thing for search engines.

    2. Yes, there are plugins that will let you see who is on your website in real time by the ip address, the country and search engine. If you see the same exact ip address going through some of your pages most customers don’t visit like pages number 2, 3 and so on, and they keep doing this, someone is looking for a way to get in. Formilla Live App does a great on letting you know whose on your website in a live manner. Crazy Egg Heat maps and Hotjar are also heat maps that will give you this information in real time. It’s the same thing for search engines.

  3. This was fantastic information. I am a new website owner and I know as my website grows, security needs to become more of a priority. I have been exploring my options and I want to make sure my site is completely protected from hackers. I know there are all over online and it is imperative that I get my security measures maximized.

Leave a Comment

Scroll to Top