Block IP on multiple errors

PCZero

• November 26, 2013 00:25

I realize this is not necessarily a WHM/cPanel issue however I am asking for input here in case others may be interested in doing the same thing. I would like to be able to script/options/program that would allow me to automatically block an IP after it has reached X number of errors in Y amount of time (seconds). Preferably I should also be able to be able to flag what errors (400, 403, 500, etc) I want to count towards the X errors value. Example I might want to say if a given IP reaches a total of 10 total 404 and/or 500 errors within 5 seconds then that IP should be blocked. 1) Can someone suggest how I might be able to do this please? 2) Would anyone else be interested in using such a feature? 3) Is this something that can or shoudl be offered in the WHM environment? Any input is welcome and invited. Thanks!

• 

  Infopro

  • November 26, 2013 09:08

  [QUOTE]Example I might want to say if a given IP reaches a total of 10 total 404
  CSF does this: [QUOTE]# This option will keep track of the number of "File does not exist" errors in # HTACCESS_LOG. If the number of hits is more than LF_APACHE_404 in LF_INTERVAL # seconds then the IP address will be blocked # # Care should be used with this option as it could generate many # false-positives, especially Search Bots (use csf.rignore to ignore such bots) # so only use this option if you know you are under this type of attack # # A sensible setting for this would be quite high, perhaps 200 # # To disable set to "0" LF_APACHE_404 =
  

  0

Please sign in to leave a comment.