netfilter-bounces@xxxxxxxxxxxxxxxxxxx <> wrote:
> Let me tell the background first...
>
> We have a web server, recently received a lot of requests from overseas
> proxy. The requests are to spam our applications (i.e. leave
> comments). They don't succeed, since they never get the correct
> captcha.
>
> But the problem is: They are doing requests & requests forever (even
> with no success). This leads to:
>
> 1. Waste of CPU time of our web server
> 2. Waste of overseas bandwidth
>
>
> Can iptables or related tools or packages do this for me?
>
> p.s. Since they are changing proxy all the time, so might need an
> automatic solution,

Not directly, but this would be a solution I would think of:

You could modify the comment-script so that it logs the IP from the hosts
that attempt to leave a comment but fail doing so (if the script doesn't do
this already). After that you can write a script that parses and clears the
logfile every x minutes to filter the largest offenders. You can enter these
offending IPs in a user defined blocking-chain which is called in the INPUT
chain (or FORWARD chain, depending on your setup) to block further requests
from these IPs.

Grts,
Rob
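
The approach described in the reply above, as an added example that is not part of the original thread: it counts failed comment attempts per IP in a log and prints the iptables commands that put the largest offenders into a user-defined chain called from INPUT. The chain name COMMENTBLOCK, the threshold and the log line format are assumptions, and the sample log is constructed.

```sh
#!/bin/sh
# Added example. Chain name, threshold and log format are assumptions.
CHAIN="COMMENTBLOCK"   # hypothetical user-defined blocking chain
THRESHOLD=3            # failed attempts per interval before blocking

# Print IPv4 addresses with at least $2 failures in log file $1.
# Assumed line format written by the comment script:
#   <epoch> <client-ip> captcha_fail
# Only strict dotted-quad values pass, so nothing else from the log
# can ever reach the generated command lines.
offenders() {
    awk -v min="$2" '
        $3 == "captcha_fail" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$2]++ }
        END { for (ip in n) if (n[ip] >= min) print ip }
    ' "$1" | sort
}

# Print idempotent iptables commands: create the chain, hook it into
# INPUT once, and add one DROP rule per offender not already listed.
block_rules() {
    echo "iptables -N $CHAIN 2>/dev/null"
    echo "iptables -C INPUT -j $CHAIN 2>/dev/null || iptables -I INPUT -j $CHAIN"
    for ip in $(offenders "$1" "$THRESHOLD"); do
        echo "iptables -C $CHAIN -s $ip -j DROP 2>/dev/null ||" \
             "iptables -A $CHAIN -s $ip -j DROP"
    done
}

# Constructed sample log (documentation address ranges), demo only.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
1700000000 203.0.113.5 captcha_fail
1700000002 203.0.113.5 captcha_fail
1700000003 198.51.100.7 captcha_fail
1700000004 203.0.113.5 captcha_fail
1700000005 198.51.100.7 captcha_fail
1700000006 192.0.2.10 comment_ok
1700000007 198.51.100.9;x captcha_fail
EOF
block_rules "$SAMPLE"   # prints the rules; nothing is applied
```

Run from cron every x minutes on a log that has been moved aside first, and pipe the output to sh as root once the printed rules look right. Use FORWARD instead of INPUT if the web server sits behind the filtering host.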