htpasswd limits passwords to 8 characters (or: read the manual dummy)

Turns out htpasswd limits passwords to 8 characters in length by default prior to Apache HTTPd v2.2.18. I run CentOS 5 with HTTPd v2.2.3. I don’t rely on .htaccess password access for anything serious but I do use it as an https ‘front door’ for one of my addresses which does have its own properly secured password access. I’ve been running it like this for years and I was sure something funny was going on entering the username/password combo in there. I swore I was noticing incorrect passwords getting through. Today I decided to test it out thoroughly.

Continue reading “htpasswd limits passwords to 8 characters (or: read the manual dummy)”

WordPress IP Blacklist not working? Remember .htaccess

Word to the wise: If you’re getting comment spam try Wordpress’ IP blacklist feature but, when that doesn’t work, try the guaranteed way: .htaccess.

Update 2011-04-03: Reformatted .htaccess config lines now that I know how to do better formatting.

Word to the wise: If you’re getting comment spam try WordPressIP blacklist feature but, when that doesn’t work, try the guaranteed way: .htaccess.

I get a lot of spam on this blog, mainly to one post that got a lot of links. Akismet is great at detecting this spam and not publishing the comment. But it gets tiring removing comments from the same IPs all the time. So, I tried WordPress’ IP blacklist feature but it didn’t work. For some reason I totally forgot about .htaccess. It’s the fail safe mechanism for protecting your site against IPs that abuse your blog.

Just put a file named .htaccess in your blog directory if you’re running apache. If you’re running some other httpd server, sorry you’llĀ  have to find another way. But, if you can do .htaccess you can do this:

You can put as many “deny from 123.123.123.123” lines as you like.