| === chris14_ is now known as chris14 | ||
| === esv_ is now known as esv | ||
| foo | I've got a bot crawling a ton of pages on our server looking for various wp hacked files. We're throwing 404s, we don't host wordpress. But I can see it hitting our server a ton. What can I use to block this? I may manually ban this ip now. | 02:56 |
|---|---|---|
| * foo install iptables | 02:56 | |
| foo | iptables v1.8.7 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root) ... meh, I am root. | 02:57 |
| ChmEarl | foo, make sure logrotate is installed with compress | 02:57 |
| foo | Hm, that was also being ran within docker | 02:59 |
| foo | I wonder if that's the issue | 02:59 |
| === shokohsc5 is now known as shokohsc | ||
| sarnold | foo: some people use fail2ban to accomplish similar things: https://serverfault.com/q/918151 I don't know if I *really* trust fail2ban enough for that kind of power, but it's something you can do | 18:34 |
| JanC | might have unintended consequences if you have some missing asset on your site... :) | 18:37 |
| sarnold | ha ;) | 19:01 |
| foo | JanC / sarnold - ha, thank you :) | 20:20 |
| JanC | probably best if you specifically ban those that scan for vulnerable wordpress assets, and not just all 404s :) | 20:22 |
| JanC | or if you want even more fun, pull them into a tarpit :) | 20:23 |
| foo | JanC: haha, fair enough! | 20:35 |
| === shokohsc3 is now known as shokohsc | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!