
Latest Blacklist Entries

Recently cleared several megabytes of log files, detecting patterns, recording anomalies, and blacklisting gross offenders. Gonna break it down into three sections:

User Agents

User-agents come and go, and are easily spoofed, but it’s worth a few lines of htaccess to block the more persistent bots that repeatedly scan your site with malicious requests.

# Nov 2010 User Agents
SetEnvIfNoCase User-Agent "MaMa " keep_out
SetEnvIfNoCase User-Agent "choppy" keep_out
SetEnvIfNoCase User-Agent "heritrix" keep_out
SetEnvIfNoCase User-Agent "Purebot" keep_out
SetEnvIfNoCase User-Agent "PostRank" keep_out
SetEnvIfNoCase User-Agent "archive.org_bot" keep_out
SetEnvIfNoCase User-Agent "msnbot\.htm\)\._" keep_out

 Order Allow,Deny
 Allow from all
 Deny from env=keep_out

The first line blocks any user-agent containing “MaMa ”. If that scares you, then replace that line with these two:

SetEnvIfNoCase User-Agent "MaMa CyBer" keep_out
SetEnvIfNoCase User-Agent "MaMa Xirio" keep_out

The other lines block the latest batch of “loser-agents,” which may completely disappear overnight. My current strategy is to block for a few months and then start fresh. Stuff like heritrix, Purebot, and PostRank have made the list numerous times.

Character Strings

There must be some exciting new vulnerability, because suddenly I’m seeing TONS of requests for the following resources in just about every virtual directory imaginable:


What’s the best way to deal with endless requests for non-existent resources? I prefer to respond with 403 Forbidden and call it done:

# Nov 2010 Char Strings
<IfModule mod_alias.c>
 RedirectMatch 403 fpw.php
 RedirectMatch 403 xmlpc.php
 RedirectMatch 403 pingserver.php
 RedirectMatch 403
</IfModule>

Of course, make sure you aren’t actually using any of these files anywhere on your site before using this code.
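As an added example (not the page's own code), here is a Python check that does two things worth doing before dropping a list like the ones above into .htaccess: it compiles each pattern the way Apache would, so an unescaped parenthesis (the msnbot problem discussed in the comments) is caught before it turns into a 500, and it applies the user-agent and RedirectMatch patterns to constructed access-log lines to show which requests the rules would deny. It assumes Python's re is a close enough stand-in for Apache's PCRE for patterns this simple; the log lines and IP addresses are constructed.

```python
import re
from collections import Counter

# Patterns taken from the page's Nov 2010 SetEnvIfNoCase and RedirectMatch lines.
# Apache compiles them with PCRE; for patterns this simple Python's re behaves
# the same, so it catches the same syntax errors (e.g. an unescaped ")").
UA_PATTERNS = ["MaMa ", "choppy", "heritrix", "Purebot", "PostRank",
               "archive.org_bot", r"msnbot\.htm\)\._"]
PATH_PATTERNS = ["fpw.php", "xmlpc.php", "pingserver.php"]

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2010:10:01:02 +0000] "GET /blog/fpw.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2010:10:01:03 +0000] "GET /wp/xmlpc.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Nov/2010:10:02:00 +0000] "GET / HTTP/1.1" 200 8192 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)._"
198.51.100.9 - - [12/Nov/2010:10:02:01 +0000] "GET /feed/ HTTP/1.1" 200 4096 "-" "PostRank/2.0 (postrank.com)"
192.0.2.4 - - [12/Nov/2010:10:03:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"$')


def validate(patterns):
    """Return the patterns Apache would reject at startup (the cause of a 500)."""
    bad = []
    for pat in patterns:
        try:
            re.compile(pat)
        except re.error:
            bad.append(pat)
    return bad


def scan(log_text):
    """Count, per client IP, the requests the UA or path blacklist would deny."""
    ua_re = re.compile("|".join(UA_PATTERNS), re.IGNORECASE)  # SetEnvIfNoCase
    path_re = re.compile("|".join(PATH_PATTERNS))             # RedirectMatch 403
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, path, ua = m.groups()
        if ua_re.search(ua) or path_re.search(path):
            hits[ip] += 1
    return hits


if __name__ == "__main__":
    print("rejected:", validate(["msnbot.htm)._"]))  # the unescaped line behind the 500
    print("rejected:", validate(UA_PATTERNS + PATH_PATTERNS))
    for ip, n in scan(SAMPLE_LOG).most_common():
        print(f"{ip:16} {n} request(s) would be blocked")
```

Point it at a real access log (one line per request) to see which of your own visitors the rules would have turned away before you commit them to the live site.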

IP Addresses

Last but not least, here’s the latest batch of nefarious IP addresses. There’s no reason to block random botnet IPs, so only the most rogue static addresses make the list:

# Nov 2010 IPs
 Order Allow,Deny
 Allow from all
 Deny from

As with the user-agents, I like to block IPs for a month or so at a time. Implement (or not) as you see fit.

Bonus IPs! – Looking for more bad IPs to block? Check out Vladimir’s post in the comments.

Just one fix..

Don’t take my word for it. Check your own logs and see what shouldn’t be there. “Know thy enemy,” as they say ;)

For more help on blocking stuff with .htaccess, check out Eight Ways to Redirect with Apache’s mod_rewrite.

Jeff Starr

24 responses to “Latest Blacklist Entries”

  1. Hello Jeff, using your code for blocking user agents in my htaccess makes the below error on my site, if I remove it everything works fine. Any idea what can be wrong here?


    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

    Apache/2 Server at Port 80

  2.

    hello i am encountering the same error as soren, it is because of the msnbot line.

  3. vortex,

    I removed the “msnbot” line, it works fine now



  4.

    soren, instead of removing it add a \ before ), like this:

    SetEnvIfNoCase User-Agent "msnbot.htm\)._" keep_out


  5. FreeStuffer 2011/02/02 11:18 pm

    I was having problems with a free for all links script I was running and the .htaccess resources here have helped me sort that out – a BIG BIG THANK YOU!

    One thing – does anyone know of a commented block list?

    Along the lines of……

    Deny from #

  6.

    I am bringing up a new WordPress site. I have already implemented your system. Thanks for your help.

    I also want to block access to my theme and plug-in folders to any request not coming from my domain. Will this damage access from legitimate search engine robots?

    Thanks in advance.

  7.

    not if you block access like this example, it can be done in multiple ways

    RewriteCond %{REQUEST_FILENAME} .*(jpe?g|gif|png|woff|otf|svg|eot)$ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !(.*.?) [NC]
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !live\. [NC]
    RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
    RewriteCond %{HTTP_REFERER} !msn\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteRule .* - [F]

  8.

    I am new to this htaccess stuff so please excuse any dumb questions.

    Can I use this style?

    SetEnvIfNoCase User-Agent "google" allow_in
    SetEnvIfNoCase User-Agent "yahoo" keep_out
    SetEnvIfNoCase User-Agent "" allow_in
    SetEnvIfNoCase User-Agent "" allow_in

    order deny,allow
    deny from all
    allow from env=allow_in

    My thought was to put this .htaccess in the individual directories or is it better done in the root?

  9.

    In your example should I change the [NC] to [NC OR] ?

  10.

    i think you should read the apache documentation, i am not a wordpress expert to know what you have in plugins and theme folders that a search bot could use. i just gave you an example on how to block hotlinking [i understood from your comment that this is what you need].

  11.

    this should make your life a lot easier.

    switch the version according to what you have installed on server. also if you have suPHP, you need to check the documentation.

  12. I was recently a victim of a hacker and destroyed almost every site I had developed. It was certainly a wake-up call for me to start learning about website security. I came to visit your site via Lynda Secure Sites tutorials and it has opened my eyes to all the “nasties” I had no idea existed. Thanks for doing such a wonderful job explaining everything in simple terms so that a newbie such as myself can understand it all and implement it. I am….Forever grateful!
