Block IP address

[JanMolendijk]

Strange activity`s (injection)

Pleasant Coursesweb,

I have whole day this visitor their is might a possibility in the code for something like injection.

No-one ever made it to get further, & this is interesting information for me.

For the moment I wanna keep the page how all is. Only my question how can I block this IP-address & keep the page running ?

Because I getting all registrations what he does on every second in my different registration-forms.

I guess this happens between automatic script what search for injection, I kept the page offline for a while & it still where running.

This is what happens continue from 20.117.73.35

Code: Select all

/Molendijk/home/index-group.php    id=51+%2F%2A%2A%2F%27%2F%2A%2A%2FOR%2F%2A%2A%2F%28SELECT%2F%2A%2A%2F5808%2F%2A%2A%2FFROM%28SELECT%2F%2A%2A%2FCOUNT%28%2A%29%2CCONCAT%280x46513670%2C%28SELECT%2F%2A%2A%2FMID%28IFNULL%28CAST%28COLUMN_NAME%2F%2A%2A%2FAS%2F%2A%2A%2FNCHAR%29%2C0x20%29%2C1%2C55

Hello,
You can block that ip address in php, using this code:

Code: Select all

if(strpos($_SERVER['REMOTE_ADDR'], '20.117.73') === 0) exit();

For instance, all of these will be blocked: 20.117.73.0 , 20.117.73.35 , 20.117.73.123, .... 20.117.73.255


Or, using .htaccess file:

Code: Select all

Order Allow,Deny
Deny from 20.117.73.
Allow from all