Geeklog-Core / geeklog

Geeklog - The Secure CMS.
https://www.geeklog.net

speed limit on 404 and access violations #1095

Closed remyKobolski closed 2 years ago

remyKobolski commented 2 years ago

Make 404 errors use the same speed limits as login. The reason is that some hackers try to inject SQL into HTTP params, and hammer the site with dictionary attacks.

Make access violations use the same speed limits as login. The reason is that web scrapers hammer the site for data and hit protected data. Example: download area.

remyKobolski commented 2 years ago

It is also the case that a lot of script kiddies use automated tests for vulnerable scripts, like wp-login, wp-this, wp-that and other methods. It looks similar to a port scan. The consequence is that it is consuming so much CPU time and bandwidth. My log files become unusable.

eSilverStrike commented 2 years ago

Yup, thought of something similar here with feature request #1030.

It expands on your idea with errors from forms as well to block the bots.

With 404 errors we would have to be careful though, as you could block legit bots like Google if the threshold is set too low.

I am going to close this feature request since it is part of the other feature request, which we hope to get implemented in version Geeklog 2.2.2.
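
An added example, not part of the thread and not Geeklog's own code: a per-IP sliding-window counter over 403/404 responses, run on constructed log lines, showing how a low threshold also blocks a crawler that follows a few stale links. The function names, the log layout, the paths and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed log layout: Apache/nginx common log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, epoch_seconds, status), or None for an unparseable line."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp(), int(status)

def blocked_clients(lines, max_errors, window_seconds, statuses=(403, 404)):
    """Map each IP that exceeds max_errors 403/404 responses inside a sliding
    window to the time it would have been blocked."""
    recent = defaultdict(deque)   # ip -> timestamps of recent error responses
    blocked = {}
    for rec in filter(None, map(parse, lines)):
        ip, ts, status = rec
        if ip in blocked or status not in statuses:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window_seconds:   # drop errors older than the window
            q.popleft()
        if len(q) > max_errors:
            blocked[ip] = ts
    return blocked

def make_line(ip, sec, path, status):
    return f'{ip} - - [10/Jan/2022:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 512'

# Constructed sample traffic (documentation IP ranges, made-up paths).
SCANNER, CRAWLER, VISITOR = "203.0.113.9", "198.51.100.20", "192.0.2.7"
SAMPLE_LOG = (
    [make_line(SCANNER, s, p, 404) for s, p in enumerate(
        ["/wp-login.php", "/wp-admin/", "/xmlrpc.php", "/wp-content/", "/wp-includes/", "/wp-cron.php"])]
    + [make_line(CRAWLER, 5, "/old-article", 404), make_line(CRAWLER, 25, "/index.php", 200),
       make_line(CRAWLER, 45, "/old-story", 404), make_line(CRAWLER, 55, "/removed-page", 404)]
    + [make_line(VISITOR, 30, "/downloads/file.zip", 403), make_line(VISITOR, 31, "/index.php", 200)]
)
SAMPLE_LOG.sort(key=lambda l: parse(l)[1])

if __name__ == "__main__":
    for limit in (2, 5):   # a low threshold also catches the crawler's stale links
        print(limit, sorted(blocked_clients(SAMPLE_LOG, limit, 60)))
```

Replaying a day of real access logs through `blocked_clients` with candidate thresholds, before enforcing any of them, shows which known crawlers would have been caught.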