
Re: new, not nice web bots disposal


On Wed, Feb 26, 2020 at 01:50:40PM -0500, Lee wrote:
> On 2/26/20, Gene Heskett <gheskett@shentel.net> wrote:
> > over the last 90 days or so, we seem to have been plagued with a new
> > breed of bots scanning our web pages, and they are not just indexing our
> > web pages, I don't mind that, but they are ignoring our robots.txt and
> > are mirroring anything apache2 can reach, including stuff that's there
> > but not reachable by a normal browser just looking around and clicking
> > on links.
>   <.. snip ..>
> > To add a new rule, covering that whole 256 address block because they
> > seem to have a random address, changed about weekly, in that block:
> >
> > root@coyote:iptables$ cat iptables-add
> >
> > #!/bin/bash
> > iptables -I INPUT -s add.ress.to.block/24 -j DROP
> Have you considered REJECT instead of DROP?

A neat idea for your LAN. A bad idea in this case.

You *want* that other side to retry, wasting their time instead of
spamming their target. In fact, one should consider using TARPIT instead
of a DROP here.

