=== chris14_ is now known as chris14
=== esv_ is now known as esv
[02:56] <foo> I've got a bot crawling a ton of pages on our server looking for various wp hacked files. We're throwing 404s, we don't host wordpress. But I can see it hitting our server a ton. What can I use to block this? I may manually ban this ip now.
[02:56]  * foo install iptables
[02:57] <foo> iptables v1.8.7 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root) ... meh, I am root.
[02:57] <ChmEarl> foo, make sure logrotate is installed with compress 
[02:59] <foo> Hm, that was also being ran within docker
[02:59] <foo> I wonder if that's the issue
=== shokohsc5 is now known as shokohsc
[18:34] <sarnold> foo: some people use fail2ban to accomplish similar things: https://serverfault.com/q/918151  I don't know if I *really* trust fail2ban enough for that kind of power, but it's something you can do
[18:37] <JanC> might have unintended consequences if you have some missing asset on your site...   :)
[19:01] <sarnold> ha ;)
[20:20] <foo> JanC / sarnold - ha, thank you :) 
[20:22] <JanC> probably best if you specifically ban those that scan for vulnerable wordpress assets, and not just all 404s  :)
[20:23] <JanC> or if you want even more fun, pull them into a tarpit  :)
[20:35] <foo> JanC: haha, fair enough! 
=== shokohsc3 is now known as shokohsc