shimman 4 hours ago

Do you not run Anubis or have strict fail2ban rules? I just straight up ban IPs forever if they look up files that will never exist on my servers. That plus Anubis with the strictest settings.

https://anubis.techaro.lol/

lm411 3 hours ago

Fail2ban doesn't scale well to these volumes of traffic and request patterns.

Just like fail2ban is not very useful against a DDoS attack where each unique IP only makes a few requests with a large (hour+) delay in between requests. There is no clear "fail" in these requests, and the fail2ban database becomes huge and far too slow.

- 400,000 Unique IP addresses

- 1 to 3 requests per hour per IP address - with delays of over 60 minutes between each request.

- Legit request URLs, legit UA & referrer

Maybe Anubis would help, but it's also a risk for various reasons.
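
An added illustration, not part of either comment: a fail2ban-style per-IP counter (ban after `maxretry` matches within `findtime` seconds) run over the request pattern described above, scaled down to a constructed 4,000-address sample. It shows that a typical jail bans nothing while still tracking every address, and that a jail loose enough to catch the pattern also bans an ordinary visitor. The function names, host labels and thresholds are assumptions made for the example.

```python
from collections import defaultdict, deque


def per_ip_filter(events, maxretry, findtime):
    """Ban an IP once it has `maxretry` matches inside a `findtime`-second window.

    events: (timestamp_seconds, ip) tuples sorted by time. Every request counts
    as a match, because the traffic contains no distinct "fail" to key on.
    Returns (set of banned IPs, number of IPs the filter had to track).
    """
    hits = defaultdict(deque)
    banned = set()
    for ts, ip in events:
        if ip in banned:
            continue
        window = hits[ip]
        window.append(ts)
        # Drop matches that have aged out of the sliding window.
        while window and ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned.add(ip)
    return banned, len(hits)


def constructed_traffic(n_bots=4000, gap_s=3660, rounds=3):
    """Constructed sample: each bot address sends one request per round, with
    61 minutes between its requests; one human loads three pages in a minute."""
    events = []
    for r in range(rounds):
        for i in range(n_bots):
            # Spread the bot addresses evenly across the hour.
            events.append((r * gap_s + (i * 3600) // n_bots, f"bot-{i}"))
    events += [(100, "human"), (120, "human"), (150, "human")]
    events.sort()
    return events


if __name__ == "__main__":
    traffic = constructed_traffic()
    # Typical jail: 5 matches in 10 minutes.
    banned, tracked = per_ip_filter(traffic, maxretry=5, findtime=600)
    print(f"typical jail: banned={len(banned)} tracked={tracked}")
    # Jail loosened until it catches the pattern: 2 matches in 2 hours.
    banned, tracked = per_ip_filter(traffic, maxretry=2, findtime=7200)
    print(f"loose jail:   banned={len(banned)} human_banned={'human' in banned}")
```
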