Thursday, October 30, 2008

Use .htaccess to block an IP address

So the other day, one of the websites that I oversee was getting card slammed. Card slamming is when a "hacker" repeatedly tries credit cards on an e-commerce site until they find one that works. This particular person was trying about 80 different credit cards. Some of the transactions were going through, but I canceled the orders and voided the transactions with the merchant processor. Luckily, Zen Cart can tell you who's on your store and their IP address, so I was able to block the IP addresses of the person or persons card slamming my store.

Add this to your .htaccess:

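# Replace each XXX.XXX.XXX.XXX with an IP address you want to block.
# With "order allow,deny", a matching deny line overrides "allow from all".
order allow,deny
deny from XXX.XXX.XXX.XXX
deny from XXX.XXX.XXX.XXX
deny from XXX.XXX.XXX.XXX
allow from all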

That's it! You can do 1 IP address or 2 or 3 or more. Just to test it, I put my IP address in there and, sure enough, I wasn't able to access the site. Now of course the "hacker" was using a proxy server to access my website, but if you notice the attack and react quickly, the "hacker" will probably get discouraged and move on to some other website.
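
Reacting quickly depends on spotting the offending addresses, so here is an added example (not code from the original post or from Zen Cart) that counts checkout POSTs per client IP in an Apache access log and prints the deny block shown above for the heavy hitters. The log lines are constructed samples, and the `main_page=checkout_process` URL marker and the threshold of 10 attempts are assumptions to adjust for your store.

```python
import ipaddress
import re
from collections import Counter

# Apache combined-log prefix: client, identity, user, [time], "METHOD path ..."
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

# Assumption: checkout submissions are POSTs whose URL contains this marker.
CHECKOUT_MARKER = "main_page=checkout_process"

# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [30/Oct/2008:10:00:{s:02d} -0500] '
     f'"POST /index.php?main_page=checkout_process HTTP/1.1" 200 512'
     for s in range(12)]
    + ['198.51.100.20 - - [30/Oct/2008:10:01:00 -0500] '
       '"POST /index.php?main_page=checkout_process HTTP/1.1" 200 512',
       '198.51.100.20 - - [30/Oct/2008:10:01:05 -0500] '
       '"GET /index.php?main_page=index HTTP/1.1" 200 4096',
       'not-an-ip - - [30/Oct/2008:10:02:00 -0500] '
       '"POST /index.php?main_page=checkout_process HTTP/1.1" 200 512']
)

def checkout_posts_per_ip(log_text):
    """Count checkout POSTs per client, skipping anything that is not a valid IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group(2) != "POST" or CHECKOUT_MARKER not in m.group(3):
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # hostname or garbage: never copy it into .htaccess
        counts[ip] += 1
    return counts

def htaccess_block(counts, threshold=10):
    """Build the allow,deny block for IPs at or above the threshold."""
    offenders = sorted(ip for ip, n in counts.items() if n >= threshold)
    if not offenders:
        return ""
    lines = ["order allow,deny"]
    lines += [f"deny from {ip}" for ip in offenders]
    lines.append("allow from all")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(htaccess_block(checkout_posts_per_ip(SAMPLE_LOG)))
```

Review the generated lines before pasting them into .htaccess, since a shared proxy or office NAT address can cover legitimate customers as well.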
