Michael Corliss asked:
> I've found some suggestions that this UA is associated with malicious
> bots; is this a DDOS? Who would want to DDOS a piddly discussion
> forum? Any advice on making it useable again?
It's unlikely to be DDOS - why do POSTs? - and much more likely to be a
bruteforce on passwords. Can you log in directly on the home page?
What's happening to other users of the forum software?
A different Ian said:
> fail2ban ( www.fail2ban.org) will detect a bot that is "too active".
> I think it can detect POSTs.
Yes, you can set up a jail that says 'more than x (say four) POSTs in y
(say one) minutes = ban it'
If someone doesn't already have it installed, what's protecting you
against ssh bruteforce attempts?
Keith Williams said:
> If your CMS is PHP powered, I'd recommend zbblock
> <http://spambotsecurity.com/>
The default lists are a little too strict for me (I need incoming
connections from AWS, for example) but thanks, I will look into this one.
Ian
