Block both the Russian Federation and Ukraine Countries from accessing my websites - apache

I know this question has been asked before, but I want to know if there is a better more efficient way to block both the Russian Federation and Ukraine Countries from accessing my websites.
These countries are constantly ripping my website, using massive amounts of bandwidth, and and also providing BS porn related refer URLs to the sites. BTW... the Chinese are no better.
The following website provides a list if IP address for these countries so you can add them to the deny from ###.###.###.### in the .htaccess file.
The problem is that both the Russian Federation list has over 11,000 IP addresses and the Ukraine list has over 4,000 IP addresses.
This would mean adding about 15,000 deny from ###.###.###.### lines to the .htaccess file.
Questions:
(1) Would adding this many deny statements be inefficient, thus adding too much overhead to the Apache server because every hit would have to be looked up in the deny list?
(2) Is there a better more efficient way to do this?
BTW... a few of my important websites are built on the Drupal 6.x CMS system.
Note: My websites are hosted on a shared server. Therefore I do not have access to the root or Apache system.
Thanks in advance.

Related

Is it possible that .htaccess login method is blocked in China?

I am currently building a small portal for an organisation to store some very basic confidential info (but not terribly important/secret). The staff are worldwide.
I initially decided to just use a basic .htaccess method (with https) but one person in China says they can't login (the domain itself is not blocked from China though).
Does anyone know if this is likely a normal thing/protocol that gets blocked in China? It seems a very basic thing to block and I am not sure how it would be blocked if the actual domain works...
i.e. In other words, is it possible to block htaccess logins at domains that are themselves not blocked?
In seeking this answer I am just trying to establish the likely cause of why they can't use the site (i.e. either blocked or not working for some other unknown reason).

seo custom domains

I'm trying to do the following:
I have website like apartments.com.
sometimes, I want to expand to different cities, so for SEO purposes, I might create a separate domain like bostonapartments.com or newyorkapartments.com for only boston and new york apartments.
bostonapartments.com and the main domain apartments.com are all hosted on 1 server. what I did was I used Virtual Host apache config to direct bostonapartments.com to a directory on that server, and then used an iframe to load content for bostonapartments.com from apartments.com. So all the content will be hosted on apartments.com, but bostonapartments.com will get the content from apartments.com.
how can I accomplish this effectively in a scalable way using php, apache, mysql?
btw, I do not own apartments.com, I'm just using that as an example.
Why such a contrived solution? Just add ServerAlias directives for all of your domains straight in the apartments.com virtual host.
if they are all identical it will do more bad than good due to duplicate content, but as #lanzz said, ServerAlias will do the same thing.
I would suggest separate
virtual servers and optimize each site with keywords, writing, etc etc.

.htaccess safety vs password

Is is safe to create a .htaccess in a folder in my website (example.com/thisfolderismine) and ONLY allow MY IP address?
My goal is to MAKE SURE that no one else than me access this folder. This is also a login in this folder but I'd rather take a crazy-full access protection.
Is this safe? Is there a way to hack this?
Note: I don't care about not being able to access it from somewhere else.
My website is getting hacked by Ukraine, Vietnam, Philippines, Algeria, China in the last 4 months and these nolife are driving me nuts.
Also, is there a simple way to only allow IP/computers from ONLY Canada & USA? I don't have clients anywhere else anyway.
Thanks a bunch
Joel
Kind of going in reverse order of your question:
While there may be some general association of geographic location to IP address range, you should not count on it.
What if one of your clients in Canada want to access your site through a proxy in Europe? You should use a "real" authentication method to verify users, not IP address.
Using specific IPs is better, assuming those users have static IPs. This not a safe assumption for a dial-up or DSL-based user, though (for example).
If you yourself have a static IP, then yes, it should be fine to limit access to a folder based on that. Of course if you ever release that IP or switch ISP, etc. you will have to update your website's configuration. One more thing to have to remember.
You could also consider using a VPN and only limiting your page's access to the local network (see anubhava's answer - note the 192.168.XX.XX address).
Personally, I use a combination of HTTPS + username + good password for stuff like this.
Put these 3 lines on top of your .htaccess file in the folder you want to restrict:
Order deny,allow
Deny from all
Allow from 192.168.100.101
This will only allow access to that folder from IP address 192.168.100.101 otherwise it will show forbidden error.

Is sub-domain better or sub-folder?

I have a classifieds site and I want to know whether creating subdomains or sub-folders is better, as I am in state of confusion.
If we need to take sub-domains then what are the benefits which we can get from sub-domains?
If we need to take sub-folders then what are the benefits we can get from them?
If we create sub-domains then Google considers sub-domains as individual domains and would show only 2 results per page.
So please clear my doubts and let me know which one is better.
Search engines will treat subdomains more like separate domains, so it many cases using sub-folders is the way to go, so that you are not spreading yourself to thin.
using both is a bad idea, as search engines will try to index both, and one will get flagged as duplicate content.
Here's an article from SEOMoz explaining it in more detail:
http://www.seomoz.org/blog/understanding-root-domains-subdomains-vs-subfolders-microsites
Personally, I go off the logic that a subdomain is a different application / site owned by the same company. A subfolder is part of the same application / site.
It is probably better for your PageRank / search engine listings if you have 'one-big-site', rather than lots of different loosely coupled domains. If the content of the sites is distinctly different, e.g. a personal site might have a gallery or blog subdomain which keeps the content distinctly seperate from the main site - then it probably makes sense for a subdomain, otherwise, I'd stick with folders.
p.s. Side note, dunno if this is important, but web-browsers only open two connections at once to a website when downloading the different files that constitute a page. So there is a reason for a subdomain in this instance where it actively speeds up (though, on a fast site, minimally) the page load time.
It depends on what content you want to create subfolder/-domains for.
Is it related to your original site? Then you should definitely use sub-folder as this belongs to the same domain. It's much better for the link juice to spread if you use sub folders.
As for the PageRank, it's better to use subfolders.
Subdomains is considered as a new site. Subfolders is not, and will get better rankings if your original site is powerful.
You can use both subdomains and subfolders if you like, but don't forget to use the canonical-tag to avoid duplicate content.
Two relevant links that explains this further:
http://www.searchmarketingstandard.com/when-to-use-subdomains-vs-subfolders
http://www.searchenginejournal.com/subdomains-or-subfolders-which-are-better-for-seo/6849/
Why not both? Have demandb.com/foo and foo.demandb.com go to the same place.
Technically, a subdomain is a different server. The company I work for has a domain with several subdomains where every subdomain is located on a different (virtual or real) computer/server. That way, if one of them crashes, the rest just keeps running.
From a developer's perspective, a subdomain would force everything within the subdomain to be a different application while in a subfolder, the subfolder and subsubfolders could be part of the application in the root folder. When I create web applications, those web applications are often tested first on a test server in a subfolder. Once they make it through the tests, they are moved to the root of their own subdomain.
When two subfolders are related to one another, they're often part of the same application, thus it would be better to keep them in their own subfolder so they can share cookies and sessions more easily.
2 comments:
Use sub folders if you need SSL- then you only need 1 basic certificate for the root
If you use both, make sure you redirect 301 one to the other. That will avoid the search engine duplication issue, but would still be problematic for SSL in certain situations.
If your site can be easily partitioned by the subdomains and each subdomain can operate independently then do it! You can then easily scale out your application by deploying different servers(or clusters) for each subdomain.
Examples:
Craigslist: by region(seattle.craigslist.org, sfbay.craigslist.org, etc)
Livejournal: by community/user
Technically, you can do this with folders, but it requires a web proxy farm, whereas subdomains can be done with simple DNS entries.
its also depends on your needs whether u want separate login system for sub domains, because it wont be possible is you are using sub-folder. Sub-folder share same session.
For sub domains you have to set shared cookie for all domains.

How to hide distributed servers under a single domain?

I currently host my company's website and blog on separate servers, reached by separate domain names - www.example.com and www.example.net. This is so I can give blog server access to our partners without compromising security on our main server. However, our SEO guy is now demanding that the blog be put on our main server, as www.example.com/blog.
I would like to maintain the current server separation rather than putting both on the same server. Is there any good way to keep them separated, but have them both under a single domain name? A subdomain would also be acceptable (blog.example.com).
My main website server is a Debian box running Apache 2, and I have full root access to it. The blog server is run by Hostgator, and I have limited access.
Edit: Thanks, all. In this particular situation I don't particularly want to transfer the blog again, and I don't have easy access to the DNS records, so i went with mod_proxy and it worked like a charm. I wish I could give you all "preferred answer" status, though, because all of your information was awesome.
A subdomain would be easy: just create an A record in DNS which maps blog.example.com to the IP address of the blog server, and have another A record in DNS which maps www.example.com to the main website server (this latter record probably already exists).
Would the SEO guy be happy with blog.example.com? It's not the same from an SEO perspective, but it might be good enough for him. I work at a company where SEO is at least 1/3 of what we do, and that's our setup: blog.example.com and www.example.com.
You could try to get fancy and proxy requests to /blog to the 2nd server, if you insist on keeping the blog off your box, but I think you can find a secure way to share space. Proxying like that could get annoying, and it basically doubles the latency to your blog.
Give the blog guys an account on your box; don't give them root/special privileges. If you can get away with it, don't even give them SSH access -- just give them a FTP login (make sure they can't access /var/www), and maybe a mysql account or something. (As you can see, this all depends on how much control/power the blog folks demand.)
Then, just make a symlink to the blog root, so they can write to a restricted area like /home/blog/www and still have it included in the website:
ln -s ~blog/www /var/www/blog
If a subdomain is for some reason not a possible way for you to go, you could use Apache's mod_proxy module to proxy requests to /blog to your second server.