Oh yeah – you can create havoc here! But I’ve been having some fun (I do not recommend you try this, no web servers were injured in the creation of this post, and yes, I wore a helmet and goggles).
Among the many things I don’t know a lot about, .htaccess is one of them. But man, it’s a very cool file to play around with!
My Web Host (1and1.com) let’s me put my own .htaccess in any of my site root folders – or in my main root folder – and the Apache Web Server will follow those rules for either individual sites on my server, or for EVERY site on my server.
So a little while ago I measured the traffic to my site and found nearly %60 of it was generated by spammers. And of that % 60, about % 90 of the IP addresses accounted for > % 90 of that spam traffic.
I had some tenacious spammers eating my bandwidth. Time to fight back!
Spam Karma 2 gives me a good list of the IP Addresses spamming me. So I could identify the top 5.
I put them in my .htaccess file. Bingo – %40 less bandwidth being used by spammers! I was impressed.
But I also run a very highly modified version of the WordPress Plugin Live – a Plugin that gives me a real time graphical display of what is going on with my WordPress blog.
I’ve added a lot of features to this plugin over the last year – logging, geo-tagging, Google map API integration, etc.
Now I have integrated it with Spam Karma 2 and when Spam Karma 2 flags a comment as spam, my Live plugin adds the offending IP address to my .htaccess file on the fly. I deny that IP access to my site(s).
Of course this is dangerous, and unwieldy, and probably stupid – but it is also very effective. I have % 71 less spam traffic than I did a week ago. And just to clear that up – I get VERY few spam comments – Spam Karma 2 blocks them – but not until they already posted a comment and ate my bandwidth. Blocking them in .htaccess prevents them from even hitting my site. They are not allowed here.
And it seems changes to .htaccess are not applied immediately – sometimes it takes a while (hours even) after I add an deny entry to .htaccess before I see the offensive IP address disappear from my log files. But they get blocked, and stay blocked.
Which brings up another issue with this, and why I don’t recommend it to you. Once blocked, an IP is blocked until you manually edit it. So you are, in effect, cutting people off your site. For my purposes, I am pleased to do so.
What I want to do next is a .htaccess redirect – so anyone who was previously denied access gets redirected somewhere else – like to their own IP address. Still working on that one!