| ▲ | ajsnigrutin 2 hours ago | |
And you'd ban the ip, their one day lease on the VM+IP would expire, someone else will get the same IP on a new VM and be blocked from everywhere. Would be usable to ban the ip for a few hours to have the bot cool down for a bit and move onto a next domain. | ||
| ▲ | holysoles 2 hours ago | parent [-] | |
I was referring to the rules/patterns provided by crowdsec rather than the distribution of known "bad" IPs through their Central API. The default ban for traffic detected by your crowdsec instance is 4 hours, so that concern isn't very relevant in that case. The decisions from the Central API from other users can be quite a bit longer (I see some at ~6 days), but you also don't have to use those if you're worried about that scenario. | ||