
Preventing suspicious access to hosted websites

kaspencer
Rising Star
Posts: 151
Thanks: 15
Registered: ‎08-01-2008

Preventing suspicious access to hosted websites

I notice a significant number of attempts to access various php, wp and a few other file-types on my websites hosted on PlusNet servers. Of course they do not succeed as none of those file-types are present on my site, but they do cause a lot of useless traffic, which is plainly malicious too.

On the websites which I host on my own servers, it is my practice to block offender access via my Apache configuration files, but we do not (as far as I have been able to tell) have access to those files here, and I have not succeeded in getting PlusNet interested in combatting these accesses. Therefore I would like to implement some restrictions myself.

So my question is: Does PlusNet permit use of entries in .htaccess files to block certain IP addresses or ranges of IP addresses from my sites. Will I need to add those to every subdirectory of the site?

Many thanks,

Kenneth Spencer

=============

5 REPLIES
Champnet
Aspiring Hero
Posts: 2,612
Thanks: 990
Fixes: 12
Registered: ‎25-07-2007

Re: Preventing suspicious access to hosted websites

@kaspencer You’ll spend the rest of your life trying to block unwanted traffic. Even if you can block by Country or IP range the ‘Visitors’ will still hit your site before reaching the blocking files. The best you can do, if the hosting company includes web space, is to add a site with the blocks you mention then redirect to your own websites but this setup is difficult and does create more problems than it solves……

kaspencer
Rising Star
Posts: 151
Thanks: 15
Registered: ‎08-01-2008

Re: Preventing suspicious access to hosted websites

@Champnet 

Thanks for the comment.

It is worth it to me though here in my office, as I have two servers and four sites hosted, in all of which I pick out weekly those IPs which are clearly looking - and seriously looking - for potential weaknesses in configuration files, be they php, wp, and a host of other extensions. They are stopped dead and don't get to see any pages at all.

The benefit to me is that I get rid of the large number of webstat records that they create, leaving my logs easier to manage and analyse, and for my servers in my office the load on those and on my internet are reduced.

So, back to my question: will a .htaccess file stop them on sites hosted on Plusnet? Although as I understand it I'll need to have an .htaccess file in each directory, whereas blocking in the config file (as per my own Apache installation) stops them dead from the site's root directory.

Kenneth Spencer

Champnet
Aspiring Hero
Posts: 2,612
Thanks: 990
Fixes: 12
Registered: ‎25-07-2007

Re: Preventing suspicious access to hosted websites

Which server software are your websites running on?
How are you reading your log files? Raw or using an application?
Remember the logs show activity. They can be useful to see who’s visiting your website and what they’re trying to do. Importantly you can see which ports need to be closed. Looking at my logs I’m pleased not to be using Wordpress as it seems to be very popular for non-legit action.

 

 

kaspencer
Rising Star
Posts: 151
Thanks: 15
Registered: ‎08-01-2008

Re: Preventing suspicious access to hosted websites

In my office I use Apache, although until 2011 I used MS-IIS. I have managed and designed websites since 1996, and developed software since 1974 but I am now retired. But I've been examining webstats for several decades!

I use my own software to sort out the webstats for the various sites each night and present them to me in the morning. I accept PlusNet webstats nightly as is their practice, I prepare them using various scripts of my own creation, and examine them each morning - there are just as many attempts at illicit access of files in the PlusNet hosted sites as in my own, but it appears nothing is done to prevent it. Therefore I wish to do it myself. I presume that maybe you're not sure about the answers - if you do know though:

1. will PlusNet hosting support site/page control via .htaccess files;

2. am I right in suspecting that each directory will require an .htaccess file;

3. Why does PlusNet do nothing itself to act on attempted illicit file access?

4. Is there any way we can put access control by IP on suspicious visitors?

So, in my posts, I have highlighted several examples of suspicious behaviour - no-one with a legitimate purpose would search for wp-admin scripts, nor for AI initialisation files, nor lots of other stuff that is targeted.

Basically, in my locally-hosted sites, if a visitor does anything suspicious they are highly likely soon after, to get a 403 response from every page when they re-visit.

That's what I'd like to achieve in my PlusNet hosted sites.
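
Added example, not part of any post in this thread: one way to turn the log review described above into an `.htaccess` deny list, flagging only clients that repeatedly request PHP/WordPress-style paths answered with 403/404. It assumes Apache 2.4 with combined-format logs and a host that permits `AllowOverride AuthConfig` (the thread does not establish whether PlusNet does); the function names, the probe patterns and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2025:03:14:01 +0100] "GET /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2025:03:14:02 +0100] "GET /wp-admin/setup-config.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2025:03:14:03 +0100] "POST /xmlrpc.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.23 - - [12/May/2025:09:30:11 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/May/2025:09:30:15 +0100] "GET /old-page.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
2001:db8::5 - - [12/May/2025:11:02:40 +0100] "GET /.env HTTP/1.1" 404 196 "-" "curl/8.5.0"
2001:db8::5 - - [12/May/2025:11:02:41 +0100] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "curl/8.5.0"
not a log line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:[A-Z]+) (\S+)[^"]*" (\d{3}) ')
# Paths assumed not to exist on the site; tune these to your own content.
PROBE_RE = re.compile(r'(\.php\d?$|/wp-(admin|includes|content|login)|/\.env$|/\.git/)', re.I)

def find_probers(log_text, threshold=2):
    """Return sorted IPs with >= threshold probe requests answered 403/404."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        ip, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if status in ("403", "404") and PROBE_RE.search(path):
            try:
                hits[str(ipaddress.ip_address(ip))] += 1
            except ValueError:
                continue  # hostname or garbage in the client field
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def htaccess_block(ips):
    """Render an Apache 2.4 (mod_authz_core) deny list for a root .htaccess."""
    rules = ["<RequireAll>", "    Require all granted"]
    rules += [f"    Require not ip {ip}" for ip in ips]
    rules.append("</RequireAll>")
    return "\n".join(rules)

if __name__ == "__main__":
    print(htaccess_block(find_probers(SAMPLE_LOG)))
```

In Apache, directives in a directory's `.htaccess` also apply to its subdirectories, so a single file in the site root covers the whole site when the host honours it. The threshold keeps a visitor with one stale `.php` bookmark (198.51.100.23 in the sample) off the list.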

 

Champnet
Aspiring Hero
Posts: 2,612
Thanks: 990
Fixes: 12
Registered: ‎25-07-2007

Re: Preventing suspicious access to hosted websites

You need a reply from Plusnet staff though I’ve never come across a hosting company doing what you want. Think I would use the log analyser to present stats.