On Tuesday 12 January 2021 05:01:09 Jason Long wrote:
> I did the below rule, but it did not work:
> # iptables -A INPUT -p tcp --syn --dport 80 -m connlimit
> --connlimit-above 20 -j REJECT --reject-with tcp-reset

Lessons learned while trying to stop the &^$>#@# bots from mirroring my content on a 10 mbit circuit 10 times a day, burning up my upload bandwidth.

1. I watch the other* log.
2. On stretch, I still use iptables.
3. I don't reject, I DROP; they get no response to even prove I'm there.
4. Since they move the bots' addys around weekly to get around people like me, I block that whole 256-wide block with a /24 appended to the IPv4 addy.
5. I'm in IPv4 territory, so when I see a bot in that log, I use its IPv4 address in /24 format to save writing 255 more rules.
6. Really stubborn addresses that don't obey robots.txt get the /16 treatment.
7. 114 such rules later, I finally have my internet back. But it does take some maintenance time.

I haven't changed my habits, but my bandwidth usage has dropped from 300+G a month a year ago to 30 or 40 now. And now if I have something of use to others, they can get it. Slowly, but they can get it.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
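The "watch the log, then DROP the whole /24" routine from the reply above, as an added shell example that is not from Gene's post or the httpd project: it parses Apache-style access log lines, counts hits per /24, and prints (rather than applies) a DROP rule for each block at or above a threshold, so the rules can be reviewed before loading. The log lines, the RFC 5737 test addresses and the threshold of 3 are constructed for the example.

```shell
#!/bin/sh
# Constructed sample log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG='203.0.113.45 - - [12/Jan/2021:05:01:09 -0500] "GET /a.html HTTP/1.1" 200 512
203.0.113.46 - - [12/Jan/2021:05:01:10 -0500] "GET /b.html HTTP/1.1" 200 512
203.0.113.47 - - [12/Jan/2021:05:01:11 -0500] "GET /c.html HTTP/1.1" 200 512
198.51.100.7 - - [12/Jan/2021:05:02:00 -0500] "GET /index.html HTTP/1.1" 200 1024'

# 203.0.113.45 -> 203.0.113.0/24: one rule covers the block the bots hop around in,
# instead of 255 more single-host rules.
to_net24() {
    printf '%s\n' "$1" | awk -F. 'NF == 4 { printf "%s.%s.%s.0/24\n", $1, $2, $3 }'
}

# Count requests per /24 (first field of each log line is the client address) and
# emit a DROP rule for every block with at least THRESHOLD hits. DROP, not REJECT:
# no TCP reset or ICMP goes back, so the scanner gets no answer at all.
# Usage: drop_rules_from_log THRESHOLD < access.log
drop_rules_from_log() {
    awk -v thr="$1" '
        {
            n = split($1, o, ".")
            if (n == 4) hits[o[1] "." o[2] "." o[3] ".0/24"]++
        }
        END {
            for (net in hits)
                if (hits[net] >= thr)
                    printf "iptables -A INPUT -s %s -j DROP\n", net
        }' | sort
}

# Stand-alone run: show which blocks would be dropped at a threshold of 3 hits.
printf '%s\n' "$SAMPLE_LOG" | drop_rules_from_log 3
```

The /16 treatment for the stubborn cases is the same idea with one fewer octet kept; the output here is meant to be read, then pasted into the firewall script by hand.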