One class of malicious user/uncooperative person is the prober. This is the source of most traffic on my websites, and consists of trying to find weaknesses to exploit.
Typical accesss are to files and directories with names like these:
Code: Select all
wp-login.php, wordpress, wp-includes, PMA2017, admin, mysql, db, database, phpmyadmin, program, myadmin...
Why can't csf add an option to look for sequences of
n or more such accesses from the same IP and then temporarily block that IP? The lookup would be quick using a hashtable, and temporary blocking is already implemented. I could see such a feature requiring no more than an hour for actual implementation.