Forum Topic: Blackhole

Forum: .htaccess Forum : Security • Posted by Jeroen • Updated:

Jeff,

After some months, the htaccess file has quite a number of blocked IP address caught by the blackhole.

At the moment, I’m also blocking IPs registered at Project Honey Pot (with only a few complains from people who didn’t like to be blocked), but I also noticed that some of their IP addresses were just used by bad guys from let’s say Russia and/or China.

Do you clean up these IP address after some time or do you just leave the whole list?

I have seen a website that is much slower when I add something like 100 IP addresses to the htaccess file. Other sites were OK though (different providers).

7 Replies to “Blackhole”

Posted by Jeff Starr

Hi Jeroen,

Great question. Blocking by IP in any case should be considered a short-term strategy to block immediate threats. I recommend clearing the list every few months (or as needed) to lighten things up.

Posted by Jeroen •

Thanks Jeff.

Btw, I subscribed to this post but haven’t received a notification. Also not in Spam. But it could be just an incident.

Posted by Jeff Starr

Hmm, not sure what happened there.. apologies for any inconvenience it may have caused. I will be sure to investigate during the next update.

Posted by Steve Wharton

Hi Jeff,

Learning tons of awesomeness from your book, Htaccess Made Easy-Peasy, this forum, and PerishablePress.com in the last week. Thanks!

Testing out my Blackhole implementaion on my website, I get:

Deprecated: Function ereg_replace() is deprecated in .../index.php on line 98

and

Deprecated: Function eregi() is deprecated in .../index.php on line 73

I’m not a PHP guy. When I replaced the two functions with their replacements, preg_match (with / delimiters) and preg_replace (with the /i switch), I get a bunch of other PHP errors written to the rendered page.

Is there a newer version of Blackhole?

Or, do you have plans to update your Blackhole code?

I’m able to suppress those deprecation and error messages by adding:

// Turn off error messages for this file
error_reporting(0);

to each file blackhole.php and index.php. But that’s not the best convention, right?

Thanks in advance for the help!

PS – BTW, after spending forever adding semalt.semalt.com & semalt.com blocks in my .htaccess file yesterday (using http://logorrhoea.net/2014/01/how-to-block-semalt-com-referrer-traffic-using-htaccess), butt they crawled me again today. Dang. Would you please consider adding them to your G6 project and/or to your 2014-micro-blacklist?

Posted by Jeff Starr

Hi Steve,

Glad to help:

1) “Is there a newer version of Blackhole?”

The one hosted at Perishable Press is the latest one, but others have reported the PHP warnings and notices as well, so..

2) “Or, do you have plans to update your Blackhole code?”

Yes, as soon as time allows. I am currently finsihing up my next book, and then have plans to update my scripts and plugins after that.

3) “..to each file blackhole.php and index.php. But that?s not the best convention, right?”

It’s fine for now. Remember, there is a big difference between PHP warnings, notices, and errors. If you are receiving errors, then covering them up probably is not as good as getting them fixed. Yet, if they are simply notices or warnings, those are hardly worth worrying about and are fine to ignore.

4) “Would you please consider adding them to your G6 project and/or to your 2014-micro-blacklist?”

Sure, if you send me an email using the address in the footer of this page, then I can add to the queue for the next update.

Let me know if I can elaborate on anything, glad to do so.

Posted by Steve Wharton

Appreciate the help, Jeff thanks. Will do (send the email to get in the queue)

Would you please clarify? In:

Step 3: Include the bot-check script by adding the following line to the top of your pages:

<?php include($_SERVER['DOCUMENT_ROOT'] . #'/blackhole/blackhole.php'); ?>

Is the space between the . and the /blackhole/blackhole.php supposed to be there in your posted example? (Note: I put the # there above to mark where it appears.)

Thanks again!

Posted by Jeff Starr

Yes, it is supposed to be there :)

Learn more about concatenation:

https://www.php.net/manual/en/language.operators.string.php