Support

Hi!

It all depends on what you want to achieve.

The .htaccess method is the most complete one. It will completely disallow the blocked IP from accessing anything on your site. Not just Joomla!, but also static resources (CSS, JS, images, videos, ...) and any HTML pages or PHP scripts running outside of Joomla! itself. On the flip side, the more IP addresses you have in there, the slower your site gets because Apache has to parse the very long .htaccess file on each and every request to any resource, be it Joomla!'s index.php file or static resources. After a few hundred IPs, you get a noticeable delay on your page loading speed.

Going to the security exceptions log and banning the IPs from there is more convenient and performant. For large number of IPs, you get fast filtering using PHP code. On the flip side, if you have only a handful of IPs, it's slower than .htaccess. Moreover, it only protects Joomla!, not static resources.

Finally, if there is a repeat offender, you can simply turn on the automatic IP blocking. IMHO, that's the optimal method. You only ban those who have proven themselves to mean trouble and only long enough to prevent them from potentially doing harm to your site. The IP block list is auto-managed and self-tidying. It pretty much takes IP blocking in auto=pilot mode. I strongly recommend using that method. After all, the vast majority of IPs (and all spammers' and hackers' IPs) are dynamic. After a few hours they are assigned to a different person on the Internet. You don't want to block them just because their IP was once assigned to someone with sinister intentions.

1. In this case, yes. If you don't go through .htaccess, the IP block won't be active on those static sites.

2 & 3. Define "real". It's impossible to define it in terms a computer would understand. Obviously, the same guy coming twice by accident is not "real" traffic, but the same guy coming twice because he wants to re-read your content is "real" traffic. Can a computer detect that? Nope. So, that means nothing.

Also note that "bot" does not mean "hacking bot" or "spam bot". Search engines use automated site crawlers to index your pages. These are also called bots, e.g. Googlebot (Google), MSNBot (Bing), Yahoo Slurp (Yahoo!) and so on. The main difference you see in the numbers is most likely due to Project Honeypot integration which does prevent genuine hack/spam bots to access your site.

4. It's a matter of configuration. The default settings for PH integration make sure that an IP will be blocked if at least 1,000 spam messages have been sent from it and the last detected spam activity was within the last month or so. Please read the documentation for more information. You can configure it to taste. And I actually consider PH integration to be the only IP-blocking feature -apart from the administrator white list- which makes perfect sense. Putting arbitrary IPs in a black list or using GeoBlocking never stuck well with me, but I put those features there due to popular demand - not because I like them or consider them effective.

Side note: You have a static IP. I also have a static IP. We are the minority. The majority of ISP customers are assigned dynamic IPs, simply because there are not enough IPs for all of us. IPv4 addresses are depleted. Until IPv6 is widely deployed, we can't all have static IPs. Besides, if you were a spammer or hacker, would you risk being easily identified and blocked by having a static IP for years? IPs are the cyber equivalent of houses. A legitimate user may use the same IP for years, a crook will change IPs as fast as he can to stay below the radar, just like a crook in the real world changes houses (hideouts) often to remain uncaught.

You're welcome!

You're welcome! As I said, too many IPs in .htaccess cause significant page load time increase :)