Re: How Do I Prevent Repetitive Hits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



That will be someone probing the site and or a bot, simple way would be to add crowdsec to the server and that will help protect it

https://www.crowdsec.net/

On 25 Aug 2022, at 17:17, John Iliffe <john.iliffe@xxxxxxxxx> wrote:

For the last week we have been getting hit on average about every 3 seconds by a
machine that appears to be in Panama.  There should be no reason why this
machine would want to connect to us.

193.29.60.97 - - [25/Aug/2022:12:12:04 -0400] "GET /favicon.ico HTTP/1.1" 200
3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:05 -0400] "GET /favicon.ico HTTP/1.1" 200
3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:06 -0400] "GET /favicon.ico HTTP/1.1" 200
3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:07 -0400] "GET /favicon.ico HTTP/1.1" 200
3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:08 -0400] "GET /favicon.ico HTTP/1.1" 200
3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:10 -0400] "GET /favicon.ico HTTP/1.1" 200
3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:11 -0400] "GET /favicon.ico HTTP/1.1" 200
3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:24 -0400] "GET /favicon.ico HTTP/1.1" 200
3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:26 -0400] "GET /favicon.ico HTTP/1.1" 200
3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:33 -0400] "GET /favicon.ico HTTP/1.1" 200
3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/104.0.5112.102 Safari/537.36"

While it doesn't appear to be causing us any harm I am wondering why someone
would spend the time/money to do so and if there is any way to lock out this one
source.

Does anyone have any suggestions?

Thanks in advance,

John
======


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux