Trigger IP ban based on request of given file?

Question

I run a website where "x.php" was known to have vulnerabilities. The vulnerability has been fixed and I don't have "x.php" on my site anymore.

As such with major public vulnerabilities, it seems script kiddies around are running tools that hitting my site looking for "x.php" in the entire structure of the site - constantly, 24/7.

This is wasted bandwidth, traffic and load that I don't really need.

Is there a way to trigger a time-based (or permanent) ban to an IP address that tries to access "x.php" anywhere on my site?

Perhaps I need a custom 404 PHP page that captures the fact that the request was for "x.php" and then that triggers the ban? How can I do that?

Thanks!

EDIT:

I should add that part of hardening my site, I've started using ZBBlock:

This php security script is designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page with a description of what the problem was. If the attacker persists, then they will be served up a permanently reccurring 503 OVERLOAD message with a 24 hour timeout.

But ZBBlock doesn't do quite exactly what I want to do, it does help with other spam/script/hack blocking.

John Conde · Accepted Answer · 2017-10-31T18:59:10.810

Recreate x.php and have it collect the IP address of anyone trying to reaching it. Then create (or modify) a .htaccess file that blocks them using Apache. The .htaccess file will look like this:

order deny,allow
deny from 123.123.123.123
deny from 255.255.255.255

Just keep appending to that file any IP address you want banned.

The x.php might look like this: (untested)

<?php
    $fp = fopen('.htaccess', 'a');
    fwrite($fp, 'deny from  ' . $_SERVER['REMOTE_ADDR'] . "\n");
    fclose($fp);
?>

score 1 · Answer 2 · edited Mar 25 '14 at 15:17

1

The PHP code that John Conde posted does not work. It replaces the entire .htaccess file as an undesirable result. The PHP below would be a good replacement for his PHP and I have tested it.

<?php      
    $ipdeny = 'deny from  ' . $_SERVER['REMOTE_ADDR'];
    file_put_contents('.htaccess', $ipdeny . PHP_EOL, FILE_APPEND);
?>

edited Mar 25 '14 at 15:17

Sathiya Kumar V M

2,938
4
22
31

answered Mar 25 '14 at 14:56

Jonathan Rowley

43
6

Trigger IP ban based on request of given file?

2 Answers2

Linked