Blocking access to my Joomla site
Last Updated on Monday, 22 November 2010 13:51 Written by Joe Aldeguer Sunday, 04 January 2009 16:07
Putting together a Joomla site takes time and effort, so needless to say I want to be able to protect what I have just put together.
Having reliable site backups assures me that if I make a mistake while working on my Joomla site, I can go back to an earlier version. Also, in the unfortunate event that my site gets vandalized, I would have something to recover from rather than having to re-create hours of work. Attacks on Joomla sites are on the rise, due in part to Joomla's success, which leads me to take measures to limit my exposure to such abuse. Using .htaccess on Joomla 1.5 to prevent such attacks is quite easy.
By searching my Apache log files for these attacks I can determine which IP addresses to block. If I wanted to block a particular country, I could easily get that information here. I could also find out more information on an IP address here.
The IP addresses used below are for example purposes only. Any connections from the IP addresses listed will be blocked.
Files match rules will prevent access to my .htaccess and configuration.php
After simply renaming htaccess.txt to .htaccess, I could begin to put in some rules, beginning just below ########## End - Joomla! core SEF Section. The rules below become active as soon as the file is saved.

I also check my web server logs daily for signs of abuse. Here is one IP that shows a considerable amount of curiosity, searching for which Joomla components I have installed and occasionally for my administrator login path. I therefore added the IP to the deny list in my .htaccess.
[Sun Nov 01 22:31:06 2009] [error] [client 78.110.50.111] client denied by server configuration: /home/joealdeguer/public_html/administrator/components/com_competitions
[Sun Nov 01 22:31:06 2009] [error] [client 78.110.50.111] client denied by server configuration: /home/joealdeguer/public_html/administrator/components/com_competitions
[Sun Nov 01 22:45:34 2009] [error] [client 78.110.50.111] client denied by server configuration: /home/joealdeguer/public_html/administrator/components/com_clickheat
[Sun Nov 01 22:45:35 2009] [error] [client 78.110.50.111] client denied by server configuration: /home/joealdeguer/public_html/administrator/components/com_clickheat
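The daily log check described above can be scripted. The following is an added example, not part of the original article: it parses "client denied by server configuration" entries in the error-log format quoted above, groups them by client IP, and lists IPs that probed several distinct Joomla components. The function names, the two-component threshold and the Apache 2.2 "Deny from" output form are assumptions, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict

# Apache error-log line in the format of the entries quoted in the article.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"client denied by server configuration: (?P<path>\S+)"
)
# Joomla component directory named in the denied path, e.g. com_clickheat.
COMPONENT_RE = re.compile(r"/components/(com_[A-Za-z0-9_]+)")

def summarize_denied(lines):
    """Map each client IP to its denied-hit count and the components it probed."""
    stats = defaultdict(lambda: {"hits": 0, "components": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # some other kind of error-log entry
        entry = stats[m.group("ip")]
        entry["hits"] += 1
        comp = COMPONENT_RE.search(m.group("path"))
        if comp:
            entry["components"].add(comp.group(1))
    return dict(stats)

def deny_candidates(stats, min_components=2):
    """IPs that probed at least min_components distinct components (assumed threshold)."""
    return sorted(ip for ip, s in stats.items()
                  if len(s["components"]) >= min_components)

def deny_lines(ips):
    """Render 'Deny from' lines (assumed Apache 2.2 form) for review before use."""
    return ["Deny from " + ip for ip in ips]

# First four lines are the entries quoted in the article; the last two are constructed.
SAMPLE_LOG = """\
[Sun Nov 01 22:31:06 2009] [error] [client 78.110.50.111] client denied by server configuration: /home/joealdeguer/public_html/administrator/components/com_competitions
[Sun Nov 01 22:31:06 2009] [error] [client 78.110.50.111] client denied by server configuration: /home/joealdeguer/public_html/administrator/components/com_competitions
[Sun Nov 01 22:45:34 2009] [error] [client 78.110.50.111] client denied by server configuration: /home/joealdeguer/public_html/administrator/components/com_clickheat
[Sun Nov 01 22:45:35 2009] [error] [client 78.110.50.111] client denied by server configuration: /home/joealdeguer/public_html/administrator/components/com_clickheat
[Sun Nov 01 23:02:10 2009] [error] [client 192.0.2.15] client denied by server configuration: /home/joealdeguer/public_html/administrator/components/com_clickheat
[Sun Nov 01 23:05:41 2009] [error] [client 203.0.113.9] File does not exist: /home/joealdeguer/public_html/favicon.ico
""".splitlines()

if __name__ == "__main__":
    stats = summarize_denied(SAMPLE_LOG)
    for ip in deny_candidates(stats):
        print(ip, stats[ip]["hits"], sorted(stats[ip]["components"]))
    print("\n".join(deny_lines(deny_candidates(stats))))
```

A single denied request for one component can be a stale link or a crawler, which is why the example only lists an IP once it has touched more than one component.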
I have also installed fail2ban and denyhosts on the web server to stop attacks as they occur. Guides used to install fail2ban and denyhosts.











