Are they just hitting the same URL over and over again, or are they actively crawling your pages and trying different things in URL parameters and forms?

You could temporarily setup Cloudflare for your websites on the server. If you just want it to filter out the unwanted traffic the free tier is probably enough, but if you think your server is actually under attack I'd recommend the pro trier. After setup you can toggle that you are under attack, and filtering will be more aggressive.

https://www.cloudflare.com/plans/  

On Tue, Apr 9, 2019 at 3:45 PM Keith <keith@keiths-place.co.uk> wrote:
Your theory about it just being a try out practice run sort of thing
does, unfortunately, sound feasible. The hit rate is not large enough on
its own to be dangerous - 6 a second - but it has gone on for so long
with no success at all on their part. hey throw in the odd ping every
now and then as well.
Still awaiting a response from their abuse address

Keith


On 2019-04-09 17:18, Max B via users wrote:
> Probably a compromised Stanford system, that makes one suspect those
> coltish "Stanford students" instead of the real culprit who is more
> likely either A/ to frustrate your service, such as tor or wikileaks
> etc, B/ to be a script kiddie, C/ to be an APT.
>
>
>
>
>


_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users


--
My PGP is available at: http://downgoat.net/pages/contact.html