[support] Question on keeping the bad guys out

Dan Kegel dank at kegel.com
Tue Feb 4 19:45:43 UTC 2014


For what it's worth, on Drupal 6 I used .htaccess deny from rules to
ruthlessly block networks with spammers... and oddly enough, that
was effective.  It took a couple weeks to build up a complete enough
.htaccess block list.  This is complete crap, but it might still be
useful regardless of Drupal version.

Here's the related excerpt from my current .htaccess.
- Dan

Order allow,deny
allow from all
# AhrefsBot
deny from 173.199.114 173.199.115 173.199.116 173.199.117 173.199.120
# webmeup.com / blexbot
deny from 108.178.53.226 108.178.60.2 198.143.187.202
# Too-frequent registers
#$ grep register www_logs/access_log | awk '{print $2}' | sort | uniq -c | sort -n | awk '$1 > 7 {print $2}' > bad.new
#$ zcat www_logs/www.20130521.gz | grep register | awk '{print $1}' | sort | uniq -c | sort -n | awk '$1 > 7 {print $2}' > bad.old
#$ fgrep -f bad.old bad.new
# Aw, screw it, deny everybody who over-accessed the register page on 20130825.
# First, class C or B network with multiple hits:
# Then individual addresses.  These probably aren't worth blocking.

# Login attacks
# grep 'POST /.q=user' www_logs/access_log | awk '{print $2}' | sort | uniq -c | sort -n
deny from 188.143.233.136
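
The log-to-blocklist step behind the commented commands above, written out as an added example (not part of the original post). It assumes Apache common/combined log format with the client address in field 1 and the request path in field 7; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# gen_deny_rules THRESHOLD < access_log
# Counts hits on paths containing "register" per client address. Addresses
# with more than THRESHOLD hits are offenders. A two-octet network holding
# two or more offenders is emitted as a prefix rule, the rest one by one.
# Assumption: field 1 is the client address, field 7 the request path.
gen_deny_rules() {
    awk -v max="$1" '
        # Only dotted-quad IPv4 may end up in the generated rules.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        $7 ~ /register/ { hits[$1]++ }
        END {
            for (ip in hits) {
                if (hits[ip] <= max) continue
                split(ip, o, ".")
                net = o[1] "." o[2]
                offenders[net]++
                members[net] = members[net] " " ip
            }
            for (net in offenders) {
                if (offenders[net] >= 2) { print "deny from " net; continue }
                n = split(members[net], m, " ")
                for (i = 1; i <= n; i++) print "deny from " m[i]
            }
        }' | sort
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    for ip in 198.51.100.7 198.51.100.7 198.51.100.7 \
              198.51.100.8 198.51.100.8 198.51.100.8 \
              203.0.113.5 203.0.113.5 203.0.113.5 203.0.113.5 \
              192.0.2.9; do
        printf '%s - - [25/Aug/2013:10:00:00 +0000] "GET /user/register HTTP/1.1" 200 512\n' "$ip"
    done
    printf '%s - - [25/Aug/2013:10:00:01 +0000] "GET /node/1 HTTP/1.1" 200 900\n' 192.0.2.9
}

# Demo: a threshold of 2 keeps the sample small; the post uses 7.
sample_log | gen_deny_rules 2
```

Review the output before appending it to .htaccess: a two-octet prefix rule blocks 65,536 addresses, so it also shuts out any legitimate visitors in that range.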

