Hi Folks,
I am attaching a copy of my current .htaccess file in .txt format for anyone to use. I offer this as is, no warranties or guarantees it will work with your site, etc. I respectfully suggest if you have not used or seen a file like this, please either don't use or read up on its use and functions before you implement it.
This file is NOT an all-inclusive fix, however. I have the blocked IP's listed by country (I.E. - There are over 200 million listed IP's that are blocked in China alone, etc.)
In addition to the blocked IP's, there is an extensive list of bots being blocked as well. I only allow Googlebot, Bingbot and Applebot onto my site. Most of the others are blocked.
Also blocked are wp-login.php (there must be a new kiddie script for this out in the wild, I have been getting hammered on this one lately), wlwmanifest.xml and xbfk.php. So, if you're using the Wordpress, you will need to delete this listing, so you can see and get into your site.
Two other cautions, these files are VERY picky with syntax. One extra space, or comma in the file, and you can block your entire website with the dreaded 500 Server Error, OR do what I did the when I first used one, I locked myself out of my own website. Now, talk about feeling like a fool asking your website provider to delete said file, so you can use it again.
The other issue is when you upload this file as is, and your site returns either a 403 Forbidden or 500 right off the bat, chances are your web hosts provider IP range is listed in the file and will need to be removed.
Hope this helps some folks,
John