Bharath Ramesh wrote:
I feel that this is because of the large number of rules that are being created. My question would be what would be a good way to block a large number of IP ranges with iptables.

I wrote a Spambot Trap back in 2002, which has been running on my websites for years now, protecting against spambots. The article is here:

http://www.neilgunton.com/doc/spambot_trap

The real distinguishing feature is the progressive block algorithm. Basically each time a bot falls into the trap, the block time is doubled. The exponential nature of this ensures that IP addresses which only offend once or twice do not sit around clogging up my iptables rules, whereas repeat offenders progressively get longer and longer blocks. The system copes very well with the constantly changing IP addresses of the zombie botnets.

Neil
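
A sketch of the progressive block idea described in the message above, as an added example that is not code from the post or from the Spambot Trap itself. The 60-second starting block, the `ProgressiveBlocker` class and its method names are assumptions, and the sample addresses are constructed; the iptables commands are returned as argument lists rather than executed.

```python
import ipaddress

BASE_BLOCK_SECONDS = 60  # assumed starting block length; the post gives no figure


class ProgressiveBlocker:
    """Doubles the block time each time the same address falls into the trap."""

    def __init__(self, base=BASE_BLOCK_SECONDS, chain="INPUT"):
        self.base = base
        self.chain = chain
        self.hits = {}     # ip -> how many times it has fallen into the trap
        self.expires = {}  # ip -> time (seconds) at which the current block ends

    def _rule(self, action, ip):
        # An argv list, never a shell string, so a hostile value cannot inject.
        return ["iptables", action, self.chain, "-s", ip, "-j", "DROP"]

    def trap_hit(self, raw_ip, now):
        """Record a trap hit. Returns (block_seconds, argv to add, or None)."""
        ip = str(ipaddress.IPv4Address(raw_ip))  # raises ValueError on junk
        self.hits[ip] = self.hits.get(ip, 0) + 1
        seconds = self.base * 2 ** (self.hits[ip] - 1)
        # If a rule is already in place, only the expiry time is extended.
        rule = None if ip in self.expires else self._rule("-I", ip)
        self.expires[ip] = now + seconds
        return seconds, rule

    def expire(self, now):
        """Return argv lists that delete the rules whose block time is up."""
        done = sorted(ip for ip, end in self.expires.items() if end <= now)
        for ip in done:
            # The hit count is kept, so the next offence gets a longer block.
            del self.expires[ip]
        return [self._rule("-D", ip) for ip in done]


if __name__ == "__main__":
    blocker = ProgressiveBlocker()
    clock = 0
    for _ in range(4):  # constructed scenario: one address offends four times
        seconds, rule = blocker.trap_hit("192.0.2.10", clock)
        print(f"t={clock}s block for {seconds}s: {rule}")
        clock += seconds
        print(f"t={clock}s expired: {blocker.expire(clock)}")
```

One-time offenders drop out of the rule set after the first short block, while the stored hit count is what makes a returning address start from a longer block.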

