From 0408731358867051a2c8320deb5a51f65a44fdb4 Mon Sep 17 00:00:00 2001
From: Peter Foster <peter.foster@ukdataservices.co.uk>
Date: Mon, 2 Mar 2026 11:15:06 +0000
Subject: [PATCH] Block scanner IPs and non-existent PHP file requests

---
 .htaccess | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.htaccess b/.htaccess
index d2dbe3a..db5e0e0 100644
--- a/.htaccess
+++ b/.htaccess
@@ -150,6 +150,14 @@ Options -Indexes
 <IfModule mod_rewrite.c>
     RewriteEngine On
 
+    # Block known scanner IPs
+    RewriteCond %{REMOTE_ADDR} ^(20\.63\.96\.50|4\.193\.248\.52)$
+    RewriteRule ^ - [F,L]
+
+    # Block requests for PHP files that don't exist (webshell scanners)
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteRule \.php$ - [F,L]
+
     # Skip already processed .php files
     RewriteCond %{REQUEST_FILENAME} -f
     RewriteRule ^services/.*\.php$ - [L]