Chances are that not all visitors to your site will behave themselves. Some will have an agenda that runs counter to your site's goals. This group of shady users includes spammers and a wide variety of people who will use their power to post content to deface, defame, defile, and defraud. Furthermore, your site on the open Internet is likely to come under a number of automated attacks, which attempt to do anything from take over your server to fill your logs with links to dubious sites. Some people may use scripts to attempt to post large numbers of comments or automatically register thousands of new users. The limit to what can happen is only in the imagination and intention of the bad guys. As a site administrator, you need to be equipped ou survive these attacks.
Select administer > access control > access rules (admin/access/rules) to access tools to block or allow specific usernames, e-mail addresses, or hosts (IP addresses). By building specific or general rules, you can block access from known problem sources.
The access rules consist of an access type (allowldeny), a rule type (usernameie-mailihost), and a mask. The masks use pattern matching, where the percent sign (%) matches any number of characters, even zero characters, and the underscore (_) matches exactly one character. Exercise 2-1 demonstrates adding an access rule.
Was this article helpful?