My 403.html 404.html


Every day I get 2 or 3 wp-login requests or something/admin or passwd or user. None of which I have. When that happens I add their IP to my htaccess file as “deny from that.IP”. The Dreamhost default page.
The next time that IP comes in they get “Forbidden” page. I’d like to redirect to my own Forbidden.php page where I can track the IP etc. How can I do that?


Edit your .htaccess file and add this:

# serve custom error pages
ErrorDocument 400 /errors/400.html
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html

You can change the path/filename to whatever you like.


For tracking I have been using “WP Cerber Security, Antispam & Malware Scan”. It has the basic blocking and tracking, even blocking IP addresses and other countries.

The more advanced part has some nice features, but that's where they want you to pay for that part.



kjodle: I’ve tried that and I still get
"You don’t have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."

Which seems to be the default DH page. I’d like to redirect to (instead of 403.html) a 403.php that tells them how to contact support (which a hacker will never do). I have several RewriteRule lines for “admin”, “wp-login”, etc. and that gets logged. But if an IP is "deny"ed and attempts a legit web page they get the “Forbidden” and there is no logging.

Just did some more digging and it is being logged, in logs/[site]/https/error.log - it’s looking for [site]/forbidden.html, which I just created and - ta-da - up it popped: “this is my forbidden”. I’d like [site]forbidden.>PHP< so if the incoming is a legit request (not admin, not wp-login etc.) I could log it.

Base problem is: CenturyLink (et al.) users get a DHCP IP which changes. Person “A” has an IP and is infected, which attempts to hack in (wp-login), and I block that IP. A month later person “B” connects, gets the old IP of “A” and -> “Forbidden” and I have no way of knowing what IP is the problem.

Aside: I don’t run WordPress. Reason: I can’t rename subdir admin to xyzzy, I can’t change wp-login.php to foobar.php. WP is like the people who buy a combo lock, comes from the factory with “1 2 3 4” and the buyer never changes it. I’m a hacker? I’m going for 1234 every time. Check your logs for attempted WP attacks.

So, problem solved (well, sort of)
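
An added example, not code from anyone in this thread: a forbidden.php of the kind asked for above, which records the blocked address and the page it requested and still answers with a 403. The .htaccess lines in the header comment, the log path and the sample address are assumptions. The `<Files>` exemption is there because a client that is denied everything is also denied the error document, which is what produces the "403 Forbidden error was encountered while trying to use an ErrorDocument" message quoted above.

```php
<?php
// Added example: forbidden.php, a logging 403 page for the setup in this thread.
//
// Assumed .htaccess lines (same "deny from" style of access control as in the
// thread; 203.0.113.7 is a constructed documentation address):
//   ErrorDocument 403 /forbidden.php
//   Order Allow,Deny
//   Allow from all
//   Deny from 203.0.113.7
//   <Files "forbidden.php">
//       Order Allow,Deny
//       Allow from all
//   </Files>
// The <Files> block keeps the error page itself reachable for denied clients.

// Hypothetical log location; keep it outside the web root so it cannot be fetched.
const LOG_FILE = __DIR__ . '/../logs/forbidden.log';

// Strip control characters so a crafted URL or User-Agent cannot forge log lines.
function clean(string $value, int $max = 200): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '';
    return substr($value, 0, $max);
}

// REQUEST_URI comes from the original request line, so inside an ErrorDocument
// it still names the page that was denied, not /forbidden.php.
$ip    = $_SERVER['REMOTE_ADDR'] ?? '-';
$uri   = $_SERVER['REQUEST_URI'] ?? '-';
$agent = $_SERVER['HTTP_USER_AGENT'] ?? '-';

$line = sprintf("%s\t%s\t%s\t%s\n", gmdate('c'), clean($ip, 45), clean($uri), clean($agent));
// LOCK_EX stops concurrent requests interleaving lines; @ keeps a write failure off the page.
@file_put_contents(LOG_FILE, $line, FILE_APPEND | LOCK_EX);

// Serving a custom page must not turn the response into a 200.
http_response_code(403);
header('Content-Type: text/html; charset=utf-8');
header('Cache-Control: no-store');
?>
<!doctype html>
<title>Forbidden</title>
<h1>Forbidden</h1>
<p>Access from your address (<?= htmlspecialchars($ip, ENT_QUOTES, 'UTF-8') ?>) is blocked.
If you think this is a mistake, contact support and quote that address.</p>
```

Each log line is tab-separated (UTC time, address, requested URI, user agent), so a blocked address that later requests ordinary pages stands out from one that only probes wp-login or admin paths.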