Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


how to block an unwanted "Host" IP address on shared hosting?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

how to block an unwanted "Host" IP address on shared hosting?

JDMcPeaJDMcPea Member
edited July 2019 in Help

I've got a few small websites on shared hosting and lately have been seeing a lot of this under my software's "Who's Online" feature:

5.101.217.145 (IP address accessing my site)
Host: 79.110.17.156
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
MYSITE/index.php?main_page=popup_image_additional&pID=6206&pic=0&products_image_large_additional=bmz_cache/9/93be31225c1d437734a5a984.image.600x450.jpg

there will be many different geographically different IP addresses accessing the site over a short period of time all with the same Host IP address. Usually Ukraine and Russia but not always. Sometimes they are just accessing cached images, sometimes web pages. Sometimes couple thousand hits in course of a day.

I figure it is some kind of distributed web crawling bot that is not identifying itself as a bot. Am in USA and not looking for international traffic - I'd like to block this kind of stuff but the IP addresses are always changing. Blocking the "host" IP address in .htaccess has no effect.

Have done some searches online but came up empty. Anyone know more about this and suggestions how to stop?

Comments

  • deankdeank Member, Troll

    .htaccess is probably the easiest route if you can use that.

    Just google htaccess IP block.

    Thanked by 1JDMcPea
  • hzrhzr Member
    edited July 2019

    Here's a list to block for your use case: https://pastebin.com/raw/k01NCKL8

    These IP blocks are 100% malicious, there is no legitimate use from them. I dealt with same ones. They truly host nothing but garbage - you won't have any accidental legitimate user blocks

  • @hzr said:
    Here's a list to block for your use case: https://pastebin.com/raw/k01NCKL8

    These IP blocks are 100% malicious, there is no legitimate use from them. I dealt with same ones. They truly host nothing but garbage - you won't have any accidental legitimate user blocks

    Thanks, will try adding these.

    Do know if the "Host" in this case is actually a kind of command center for all these other IPs or can someone just make up an IP address and have it show up under Host, just like you can change what shows up under User Agent?

  • I'm confused... Which IP is the request coming from? 5.101.217.145 or 79.110.17.156?

    Are the hits actually hurting your site at all?

  • In this case the hits are currently coming from 5.101.217.145 and maybe a dozen other IP addresses. Those IP addresses each usually will continue to access my site every 10-60 seconds or so for a while like they are scraping the site.

    Today they all show the same IP address 79.110.17.156 under "Host", whatever that means. The IP addresses that are accessing the site always seem to be different and the Host IP addresses also changes from day to day, maybe more often. "Host" IP locates usually to Ukraine or Russia.

    I don't think it has much effect on my site speed but it annoys me that I can't block them using .htaccess. I denied about 100 of the IPs in .htaccess, made no difference.

    Trying to learn more about it. What it is. Why would someone set up something like this? What are they doing? Etc. Instead of my usual couple hundred hits a day I am seeing 3000 hits and more somedays, not a big deal but still want to know what to do if it goes up to 500,000, etc.

    If it identified itself as a bot would probably never notice.

  • MikePTMikePT Moderator, Patron Provider, Veteran

    You can also ask your host to block that. :)

  • JDMcPea said: Today they all show the same IP address 79.110.17.156 under "Host", whatever that means.

    Where are you seeing that? What software are you using? Also, which hosting provider are you using for the site?

  • Software is Zen Cart and it has a feature called "Who's Online" in the admin. That is where I am seeing it.

Sign In or Register to comment.