I had a hacker on one of my sites over the weekend. Found a root kit hidden away which I removed but not after he found a way to add some text to one of my webpages.
So I started by adding his IP address to my block list, but apparently that’s easier said than done with the ‘cloud’. In the cloud sometimes the server isn’t really sure where the actual request is coming from, apparently.
But fear not, I got this nugget back from Mosso support (after 48 hours or so–come on guys, security issues should be answered immediately)
Unfortunately there are some issues with being able to block by IP
address on the cloud using the standard methods. Because of our load
balancer and clustered environment the IP address in the REMOTE_ADDR
will not be the end users.
You can however use the following:
SetEnvIf X-Cluster-Client-Ip 188.8.131.52 block
Deny from env=block
in your .htaccess to block access to your site via IP. Just replace
184.108.40.206 with the IP address you want to block.