You are viewing the thread of a single comment from: Stupid new updates for August 10

are you using fail2ban? before i gave esreality.com away i spent a lot of time analyzing bot traffic. it was pretty easy to determine that most (99%+) was coming from southeast asia, and pretty much everything was coming from aws/gcp/azure, so i just mass-blocked all the big cloud provider asns (esr was gatekept by cloudflare), then set up fail2ban to monitor for multiple 404s in a 2 minute span. i then set up honeypot style behavior where if an unauthenticated user visited urls that met specific criteria, they would get a 404 and a request for auth. the bots just kept trying to consume more instead of logging in, so they'd get temp-banned by fail2ban, and eventually they just gave up.

gyrate 16 days ago

I installed fail2ban, but it looks like I need to make my own filters for 444 responses (when something makes a request with an unknown virtual hostname) and requests for *.php.

UnbespokenSatan 13 days ago

thankfully the filters are stupid simple

gyrate 17 days ago

Fail2ban is the next thing on my list. I think I can get rid of most bot traffic by just banning anything that connects with an unknown hostname.

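Added example, not posted by anyone in this thread and not an actual fail2ban filter: a Python sketch of the counting the comments describe, treating 404s, 444s and requests for *.php as failures and banning an address once enough of them fall inside the 2 minute window (fail2ban's `findtime`/`maxretry` idea). The nginx "combined" log format, the threshold of 3 and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

FIND_TIME = 120  # seconds: the "2 minute span" from the thread
MAX_RETRY = 3    # assumed threshold; the thread only says "multiple"
# Assumed log format: nginx "combined" access log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:[A-Z]+ (?P<path>[^\s"]+)[^"]*|[^"]*)" (?P<status>\d{3}) ')

def is_failure(path, status):
    """Count 404s, 444s (unknown virtual host) and any request for *.php."""
    php = path is not None and path.split("?", 1)[0].lower().endswith(".php")
    return status in ("404", "444") or php

def find_bans(lines, find_time=FIND_TIME, max_retry=MAX_RETRY):
    """Return {ip: time of ban} for IPs with max_retry failures in find_time."""
    recent, bans = defaultdict(deque), {}
    for line in lines:  # lines must be in chronological order
        m = LINE_RE.match(line)
        if not m or m["ip"] in bans or not is_failure(m["path"], m["status"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()  # forget failures older than the window
        if len(window) >= max_retry:
            bans[m["ip"]] = ts
    return bans

def _line(ip, hms, request, status):
    return f'{ip} - - [10/Aug/2024:{hms} +0000] "{request}" {status} 0 "-" "-"'

# Constructed sample traffic (documentation-range addresses).
SAMPLE = [
    _line("203.0.113.7", "12:00:01", "GET /old-page HTTP/1.1", 404),
    _line("198.51.100.9", "12:00:05", "GET / HTTP/1.1", 444),
    _line("192.0.2.44", "12:00:10", "GET /missing HTTP/1.1", 404),
    _line("203.0.113.7", "12:00:30", "GET /backup.zip HTTP/1.1", 404),
    _line("198.51.100.9", "12:00:40", "POST /xmlrpc.php?rsd HTTP/1.1", 301),
    _line("203.0.113.7", "12:01:10", "GET /admin HTTP/1.1", 404),
    _line("198.51.100.9", "12:01:50", "GET /nope HTTP/1.1", 404),
    _line("192.0.2.44", "12:05:00", "GET /typo HTTP/1.1", 404),
    _line("192.0.2.44", "12:10:00", "GET /favicon.png HTTP/1.1", 404),
]
for ip, when in find_bans(SAMPLE).items():
    print(f"ban {ip} at {when:%H:%M:%S}")
```

The third address collects three 404s as well, but they are spread over ten minutes, so the window never holds more than one at a time and it is not banned.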