1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The .htaccess file and a subdomain protection...

Discussion in 'Black Hat SEO' started by Coconut-water, Jan 30, 2017.

Tags:
  1. Coconut-water

    Coconut-water Newbie

    Joined:
    Dec 16, 2016
    Messages:
    31
    Likes Received:
    1
    Gender:
    Male
    Kinda annoyed by this looking for some advice.
    I have a subfolder I dont want to offer access to it.

    So I set a .htaccess file (444 file permission setting.) with the following code:

    # SECURE WP-ADMIN 12.345.67.890
    <FilesMatch ".*">
    Order Deny,Allow
    Deny from all
    Allow from 12.345.67.890
    </FilesMatch>

    Essentailly, I change the IP address to myself when I need to access / view that subfolder.. then just set it back to that 123456... when I am done.
    Well, when I check my logs.. I still see clowns trying to get into that subfolder... as in trying to login.

    A standard 3 strikes they get kicked out... but that setting as at login attempt security.

    Now I thought that with a .htaccess file setup as above... they would get 403 Forbidden and not even be able to attempt a login or even see that page? So what am I doing wrong? Or they some how able to still read the contents of .htaccess file, and spoof the IP thats there?