> Fail2ban works when the attacker can be distinguished in some way (other
> than rate) from an ordinary person browsing your site.
> If these ten hosts aren't attempting a "brute force" or "dictionary"
> attack, i.e. if they are doing nothing more than requesting web pages
> (at a fast rate), then fail2ban is probably not the right tool.


Any idea what the right tool would be?  nginx doesn't seem to have
anything like that.

- Grant


>> > Well, I certainly use it to defend from that kind of attack all the time.
>> > Can you give us some idea of the rate (i.e. how many requests per
>> > second)? Also, for that kind of attack it's important to be using the
>> > recidive filter. By any chance is it a WordPress site?
>>
>>
>> How do you do that?
>>
>> The requests per second were not astronomical but my backend gets
>> bogged down when handling several requests per second over a sustained
>> period of time.
>>
>> I am using the recidive filter.
>>
>> It is not a WordPress site.
>>
>> - Grant
>>
>>
>> >> I recently suffered DoS from a series of 10 sequential IP addresses
>> >> which identified themselves as being associated with a fairly legit
>> >> search engine.  fail2ban would have dealt with the problem if a single
>> >> IP address had been used.  Can it be made to work in a situation like
>> >> this where a series of sequential IP addresses are in play?

_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
