Block probers

Posted: 03 Dec 2017, 21:37
by david5372
One class of malicious user/uncooperative person is the prober. This is the source of most traffic on my websites, and consists of trying to find weaknesses to exploit.

Typical accesses are to files and directories with names like these:

wp-login.php, wordpress, wp-includes, PMA2017, admin, mysql, db, database, phpmyadmin, program, myadmin...
Why can't csf add an option to look for sequences of n or more such accesses from the same IP and then temporarily block that IP? The lookup would be quick using a hashtable, and temporary blocking is already implemented. I could see such a feature requiring no more than an hour for actual implementation.
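The detection the post asks for, as an added example that is not from this thread or from csf itself: a Python sketch that scans Apache combined-format access log lines for hits on the probe names listed above and flags any IP that makes n or more such requests inside a sliding time window. The log lines, threshold and window size are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [03/Dec/2017:21:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Dec/2017:21:00:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Dec/2017:21:00:03 +0000] "GET /PMA2017/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Dec/2017:21:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Dec/2017:21:00:05 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Dec/2017:21:00:06 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

# The names from the post, lower-cased so matching is case-insensitive.
PROBE_NAMES = {"wp-login.php", "wordpress", "wp-includes", "pma2017", "admin", "mysql",
               "db", "database", "phpmyadmin", "program", "myadmin"}

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST|HEAD) (?P<path>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def is_probe(path):
    """True if any path segment (query string dropped) is one of the probe names."""
    segments = path.split("?", 1)[0].strip("/").lower().split("/")
    return any(seg in PROBE_NAMES for seg in segments)


def find_probers(log_text, threshold=3, window_seconds=60):
    """Return the set of IPs that made >= threshold probe requests within any
    window_seconds span. Per-IP state is a dict (the hashtable lookup the post
    mentions) of recent probe timestamps; old entries are evicted as we go."""
    recent = defaultdict(deque)
    flagged = set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_probe(m.group("path")):
            continue                      # unparsable line or an ordinary request
        ts = datetime.strptime(m.group("ts"), TS_FMT)
        hits = recent[m.group("ip")]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > window_seconds:
            hits.popleft()                # drop hits that fell out of the window
        if len(hits) >= threshold:
            flagged.add(m.group("ip"))
    return flagged


if __name__ == "__main__":
    print(sorted(find_probers(SAMPLE_LOG)))
```

The returned set is what would be handed to a temporary block; csf already exposes one through its `csf -td` (temporary deny) command, so the missing piece is only the counting step shown here.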

Re: Block probers

Posted: 10 Dec 2017, 01:21
by david5372
I wrote a program wp-login.php to give these hackers a scary message.

Re: Block probers

Posted: 30 Jan 2018, 08:13
by Silent Ninja
I believe you are looking for Mod Security and/or ConfigServer eXploit Scanner, which both have URL / uploaded file scanning patterns, and LFD can block multiple matches by these two (LF_MODSEC, LF_CXS).

Re: Block probers

Posted: 30 Jan 2018, 13:36
by david5372
Silent, how do I use the cPanel interface to set these up?

Also, is there any way to block everyone with a .ru reverse address? These are mostly the malicious folks, as judged by their access attempts.