TheChrisD - Rant Central

.htaccess hacking

For those of you who did read the welcome paragraph while I was back on Dreamhost, you’ll know that all activity on my site is logged with Statpress. So I log back on this morning after some CoD4 (getting those Intel items and trying to figure out WTH I can’t seem to find all those blooming TVs…), and notice that in only 4 hours, there’s been around 300 page-views.

So, first thing I’m thinking is “Holy crap, what the hell?”, especially as the visitors total was a mere 6. Someone sure has been browsing through the archives
So, a little digging down shows that they came primarily from an IP in Brazil. Now, I’m getting a little suspicious. Further digging reveals whoever it was had viewed enough stuff to fill 11 pages in phpMyAdmin…, and even more suspicious is that each page-view was, on average, 3 seconds apart and seemed to alternate originating from IE6 or IE7. Alright, that goes to show that there were a few things possibly going on:

• Hyper-browsing of my site (Doubtful, the page would barely be loaded and you’d be going to the next one at that rate)
• A new search engine spider (More doubtful since user-agent was IE6 and IE7)
• Some possible hack/phisher/deliberate bandwidth user-upper

I’d probably lean more towards the last option. Either way, to the point of this thing, I decided to do a quick Google search of the IP to see if anything came up, and nothing did. Plus visiting the IP directly does nothing. So, seeing as it’s still suspicious and I can’t find an answer, it’s time to utilise the power of .htaccess and block it’s ass.

So as of about 10 minutes ago, there are 3 new lines of code in .htaccess which should help stop this… thing… from coming back. I don’t normally do this to very regular visitors, or those who visit and view a lot of stuff, but when the stats say it looks odd, then something is up. Bye, bye, random Brazilian. You’ll probably never be able to read this, but next time try and browse normally