André,

On Wed, May 01, 2013 at 02:47:55AM +0200, André Warnier wrote:
> With respect, I think that you misunderstood the purpose of the proposal.
> It is not a protection mechanism for any server in particular.
> And installing the delay on one server is not going to achieve much.

In fact I did understand the purpose, but I wanted to get my point across
without writing a lengthy message on the merits and flaws of your theory.

My point is: ModSecurity has all you need to do this right now. All that
is missing is enough people configuring their servers as you propose.
Like many others, I do not think this will work.

If it really bothers you (and your bandwidth), then I would try and use
a real-time blacklist lookup (-> ModSecurity's @rbl operator).
Given the work of the spam defenders, these blacklists should contain the
IP addresses of the scanning bots as well.

I do not have this configured, but I would be really interested to see
the effect on average load, connection use and number of scanning attempts
on a server.

Interesting discussion by the way. Maybe a bit hot, though.

Best,

Christian Folini

--
We have to remember that what we observe is not nature herself, but nature
exposed to our method of questioning. -- Werner Heisenberg