all comments

[]Chungus -0 points

[]x0x7 -0 points

The benefit of being on node js and running a reverse proxy. I just take everything with goes for php and has the ip address as the host and put it on a hang list.

Ok, I also make sure admin is mentioned someone in at least one of the urls and that no legitimate traffic is coming from that ip. But after that it's.

var badip = ['','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','',''];
badip = new Set(badip);

var hanglist = [];
var hanglimit = 25;
 var ip = req.connection.remoteAddress.replace('::ffff:','');
 if(!importantip.has(ip) && badip.has(ip)) {
  if(hanglist.length>hanglimit) {
   hanglist = [];
 //more code

Maybe that's not the best way to handle bad traffic but I'm willing to eat some cost in the form of pooled connections to slow them down.

[] -0 points

The issue is, if you're going to add to this list automatically, you run the risk of banning legitimate traffic when the IP is shared. This may or may not be a big issue.

I've run sites in the past where everything with a chinese or russian IP doesn't even get a response (so the server is effectively not there). That stops via obscurity most attacks because they're often just going for low hanging fruit.

[] -0 points

just ban them ffs