Sorry, perhaps I answered too quickly... Fail2ban works when the attacker can be distinguished in some way (other than rate) from an ordinary person browsing your site. If these ten hosts aren't attempting a "brute force" or "dictionary" attack ..ie if they are doing nothing more than requesting web pages (at a fast rate), then fail2ban is probably not the right tool.
On Thu, Dec 15, 2016, at 04:04 PM, Grant wrote: > > Well I certainly use it to defend from that kind of attack all the time. > > Can you give us some idea of the rate (ie: how many requests per > > second)? Also, for that kind of attack it's important to be using the > > recidive filter. By any chance is it a wordpress site? > > > How do you do that? > > The requests per second were not astronomical but my backend gets > bogged down when handling several requests per second over a sustained > period of time. > > I am using the recidive filter. > > It is not a Wordpress site. > > - Grant > > > >> I recently suffered DoS from a series of 10 sequential IP addresses > >> which identified themselves as being associated with a fairly legit > >> search engine. fail2ban would have dealt with the problem if a single > >> IP address had been used. Can it be made to work in a situation like > >> this where a series of sequential IP addresses are in play? ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
