On Fri, Aug 25, 2006 at 11:00:46AM +0200, Armin Wolfermann wrote:
> * Daniel Ouellet <[EMAIL PROTECTED]> [24.08.2006 22:09]:
> > What do you think?
>
> This is something I'm doing on several servers here. I use mod_redirect
> to redirect scanning bots to a CGI blocking the offending IP at the
> border firewall, e.g.
>
> ...
> RewriteRule /cgi-bin/awstats.pl /cgi-bin/blockme [PT,L]
> RewriteRule /blog/xmlrpc.php /cgi-bin/blockme [PT,L]
> RewriteRule /phpMyAdmin-2.2.3/main.php /cgi-bin/blockme [PT,L]
> ...
>
> For the remote addition to your blocklist you may take a look at
> http://www.wolfermann.org/pftabled.html
Note, however, the potential for self-DoS here [1]. Which is why most of
those blocking solutions aren't actually very good ideas.
Joachim
[1] Especially if this script blocks an attacker from *all* services,
not just the webserver.
