Yes it is an old site (osCommerce Online Merchant v2.2 RC2a).
I am trying to block 10.x.x.x addresses. This is a hosted site so maybe from internal addresses on the hosting system?
In the domain root is the htaccess file, with permissions set to 755, which contains the following;
<snip>
order allow,deny
deny from 4.79.204.36
deny from 5.9.54.16
deny from 5.39.85.81
deny from 10.179.0.0/30
deny from 37.187.56.47
<snip>
allow from all
<snip>
But I am still seeing 10.x.x.x entries.
I have tried quite a few variants of the "deny from 10.179.0.0/30" line from a simple "10" to what is there now.
Am I missing something simple or just being dumb?