aeealaska
Forum Replies Created
-
Thank you again for your reply!
I cannot agree the attacks were changing every time. Obviously, it’s not practical to enter 800 IPs at a shot so I crafted a script that would take the IP data (which I copied and pasted to an Excel spreadsheet) then get busy removing the duplicates and dumping the output to a text file. That’s how I first caught on – out of about 800 IPs and filtering the duplicates, I would have between 100 – 200 unique IP addresses left.
Lather, rinse and repeat the next day.
I kept noticing the same IPs popping up over and over and over again. So, back to the bit farm to massage the script. Now it generates two text files for me – one list has the IPs with duplicates removed, the other essentially is just a copy of the first list with the wildcards inserted.
One short “Add Many” session later, and PRESTO !
It seems by adding both in I get a ban list with teeth that actually bans a given address. The proof is in the pudding in that my graph is now a vertical line going down, instead of going up.
That being said, I tossed caution to the wind, spit in the eye of danger, and put on my laugh-in-face-of-certain-doom pants and tightened up the settings you mentioned to a point just this side of draconian. Then I settled in with a cup o’ joe, my #2 pencil and Big Chief notebook to observe and record what happens.
Like Adam Savage said, kiddies – the difference between science and screwin’ around is writin’ it down!
-
Thank you for your reply. I truly appreciate the response!
However, it pains me to report that I have found a workaround that I tested this holiday weekend, but I am pleased to report it worked.
The workaround:
Using the “Add Many” interface, I added the IP verbatim then copied and pasted the IP but this time I replaced the last two octets with wildcard characters and saved.
It would appear the two-fisted approach, so to speak, is effective in ensuring those involved stay banned. My attacks plummeted from an average of 800 per day before the holiday weekend to 6 so far today. I theorize it was a “script kiddie” using a bot-net to attack our site, which explains a lot of the attack being so sustained, but generally all launching from the same IP address.
Even so I rarely, if ever, receive Site Lockout notifications.
Once again, thank you very much for the response!
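The two-list script described in these replies, sketched as an added example (not the poster's script, which does not appear on this page). It assumes one address per line, a `*` wildcard character, and a wildcard form of `a.b.*.*`; the function names and sample addresses are constructed. It goes slightly beyond the posts by validating input, collapsing duplicate wildcard entries, and reporting repeat offenders.

```python
import ipaddress
from collections import Counter

# Constructed sample: addresses as pasted from a lockout log
# (documentation ranges only), with duplicates, stray whitespace and junk.
SAMPLE = """\
203.0.113.7
203.0.113.7
 198.51.100.24
203.0.113.99
not-an-ip
198.51.100.24
192.0.2.15
203.0.113.7
"""

def parse_ips(text):
    """Return valid IPv4 strings in input order, skipping blanks and junk."""
    found = []
    for line in text.splitlines():
        token = line.strip()
        if not token:
            continue
        try:
            found.append(str(ipaddress.IPv4Address(token)))
        except ipaddress.AddressValueError:
            continue  # never feed malformed entries to a ban list
    return found

def build_ban_lists(text, wildcard="*"):
    """Build (unique IPs, wildcard entries, repeat-offender counts)."""
    ips = parse_ips(text)
    unique = list(dict.fromkeys(ips))  # dedupe, keep first-seen order
    # Replace the last two octets; each entry then matches 65,536 addresses,
    # so several unique IPs can collapse into one wildcard line.
    wild = list(dict.fromkeys(
        ".".join(ip.split(".")[:2] + [wildcard, wildcard]) for ip in unique))
    repeats = {ip: n for ip, n in Counter(ips).items() if n > 1}
    return unique, wild, repeats

if __name__ == "__main__":
    unique, wild, repeats = build_ban_lists(SAMPLE)
    print("\n".join(unique), "\n--\n" + "\n".join(wild), "\n--", repeats)
```
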