I'm getting tired of the various things hitting my web server for things that don't exist. Last night someone tried over 3000 things off my server and only got back 5 valid pages which is the system home page.
I've found both breakinguard and denyhosts to be very useful tools for stopping SSH brute force attacks. I'm thinking along those same lines. If bad-client tries over X web pages against my server, I no longer care to talk to them. Drop in an ip table shun and let them find some other server to poke at. This would close down a number of the sql injectors, scanners, etc. I'm sure I could modify the above to do what I want, but if someone has already done the work, why re-invent? Thanks --Gene _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
