And this is a small documentation I've forget to add in the previous article:
- DOSHashTableSize: is the size of the table of URL and IP combined. The greater this setting, the more memory is required for the look up table, but also the faster the look ups are processed. This option will automatically round up to the nearest prime number.
- DOSPageCount: is the number of same page requests from the same IP during an interval that will cause that IP to be added to the block list.
- DOSSiteCount: is the number of pages requested of a site by the same IP during an interval which will cause the IP to be added to the block list.
- DOSPageInterval: Interval for the 'DOSPageCount' threshold in second intervals.
- DOSSiteInterval:Interval for the 'DOSSiteCount' threshold in second intervals.
- DOSBlockingPeriod: is the time the IP is blacked (in seconds
- DOSEmailNotify: can be used to notify by sending an email everytime an IP is blocked
- DOSSystemCommand: is the command used to execute a command when an IP is blocked. It can be used to add a block the user from a firewall or router.
- DOSWhiteList: can be used to whitelist IPs such as 127.0.0.1
So if anybody on my homepage request 5 times the same page in less than 2 seconds, it will get blacklisted.
If anybody try to make more than 100 requests of my homepage in less than 2 seconds, it will get blacklisted. In less than a week, the following Bots get blacklisted.
126.96.36.199 Unknown Country
188.8.131.52 Chinese (Hong Kong)
184.108.40.206 Unknown Country
220.127.116.11 Dutch (Netherlands)
18.104.22.168 GERMANY (DE) City: Muenchen Latitude: 48.15 Longitude: 11.5833
22.214.171.124 United States
126.96.36.199 Country: INDIA (IN) City: Hyderabad Latitude: 17.3833 Longitude: 78.4833
188.8.131.52 UNITED STATES (US)
184.108.40.206 Swedish (Sweden)
220.127.116.11 BELGIUM (BE) City: Tournai Latitude: 50.6 Longitude: 3.3833
18.104.22.168 NETHERLANDS (NL) City: Harlingen Latitude: 53.1833 Longitude: 5.4167
22.214.171.124 GERMANY (DE) City: Heinsberg Latitude: 51.0333 Longitude: 8.15
126.96.36.199 GERMANY (DE)
188.8.131.52 DENMARK (DK)
184.108.40.206 Dutch (Netherlands)
220.127.116.11 ITALY (IT) City: Roma Latitude: 41.9 Longitude: 12.4833
18.104.22.168 UNITED STATES (US) City: Mountain View, CA Latitude: 37.402 Longitude: -122.078 GOOGLE
22.214.171.124 GERMANY (DE)
126.96.36.199 Dutch (Netherlands)
188.8.131.52 UNITED STATES (US) City: Raleigh, NC Latitude: 35.8219 Longitude: -78.6588
You might like also
The Appthority® App Report for February 2013 provides an overview of the security risks behind 100 free iOS and Android apps. Appthority examined the differences between the Android and iOS app ecosystems; compared app behaviors across five popular app categories (business, education, entertainment, finance, games); and looked at the developers behind these apps. Report Highlights The vast majority of free apps send and receive data to outside parties without encryption. 96% of total apps share data with advertising networks and/or …
2357 Days ago
CryptoParty is a grassroots global endeavor to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, True Crypt, and virtual private networks to the general public. The first draft of the 442-page CryptoParty&160
;Handbook (the hard copy of which is available at cost), was pulled together in three days using the book sprint approach, and was released 2012-10-04 under a CC-BY-SA license; it remains under constant revision. The CryptoParty&160
;Handbook v1.1 has been released and you …
2401 Days ago
You'll need a lot of patience...Since there is no VMWARE Converter for Linux
...My objective is to virtualizes my Internet server running SUSE in a VMWARE to ease the migration to a more powerful and up to date server. I am using RSYNC since: I have no access to the machine, So I can't stop the server and make a binary images of the disk as the server is in a STRATO data center in Germany (Berlin) I don't like operations …
4049 Days ago
Anybody using internet should really read this article. While targeted at windows users, most of the rules also apply to users of Linux
and mac. "Security consultant Howard Fosdick has contributed the latest entry in the 2008 OSNews Article Contest: a highly detailed examination of security and privacy on the Windows platform, and how to use free software tools and a little knowledge to protect your privacy online. Do you know that -- Windows secretly records all the web sites …
4157 Days ago
I know that Secure, Safe, Fast Linux
Hosting sound silly as nothing can be fast and secure at the same time, but I've compiled a list of things that are worth doing if you are maintaining your own server. This list is clearly targeted for people running an open source stack made of Apache, MySQL, PHP and Linux
. This list is an ongoing work, thta is why it has also a version number in it (v1.0). As soon as I …
4218 Days ago
If you are on the paranoia side, and you better should, if you're using ebanking on an internet connected pc. Secunia is a well known internet site, Secunia is a Danish computer security service provider best known for tracking vulnerabilities in more than 12,400 pieces of software and operating systems. Numbers of "unpatched" vulnerabilities in popular applications are frequently quoted in software comparisons.Secunia also tracks currently active computer viruses. Secunia has gained publicity and a notable reputation with the discovery …
4343 Days ago
FaF (File Anomaly Finder) is a wrapper for the *nix 'find' utility. It generates audit reports for data matching specific characteristics; such data as setgid/setuid, unowned, and more. The objectives are simply to create a simple anomaly finder that identifies common flawed permissions or otherwise suspicious file system characteristics. The main features of FaF are: simplistic and to the point audit reports easy setup and configuration audits emailed to customizable address or user ideal for web servers or general purpose …
4442 Days ago
SIM is a system and services monitor for ‘SysVinit’ systems. It is designed to be intuitive and modular in nature, and to provide a clean and informative status system. It does this by consistently verifying that services are online, load averages are in check, and log files are at reasonable sizes. Many other SIM modules sport different and in-depth features to bring a well rounded tool to your disposal to stop otherwise common issues daunting internet hosts. Features: - Service …
4442 Days ago
Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like: MD5 hash compare Look for default files used by rootkits Wrong file permissions for binaries Look for suspected strings in LKM and KLD modules Look for hidden files Optional scan within plaintext and binary filesRootkit Hunter is released as GPL licensed project and free for everyone to use. …
4443 Days ago
chkrootkit is a tool to locally check for signs of a rootkit. chkrootkit is a common unix-based program intended to help system administrators check their system for known rootkits. It works by using several mechanisms, including comparison of file signatures to known rootkits, checking for suspicious activity (processes listed in the proc filesystem but not in the output of the 'ps' command. …
4443 Days ago