Blocking or Identifying bad IPs
Posted: 01 Jun 2020, 20:02
Hello,
I'm wondering if CSF has any way to do some aggregate monitoring across a set of clustered servers to look for bad actor IP addresses.
For example, even a single IP that is hitting lots of websites across all of our servers is suspicious.
It's really suspicious if it's hitting /xmlrpc.php on multiple sites across our servers and a strong sign it's a botnet or some type of scanning.
Volume of requests would be a trigger as well and requests to /xmlrpc.php or other common hacked URLs that are from IPs outside of our country.
So curious if CSF has any configuration that may provide some reports. Some, ideally, I'd like to auto-ban (i.e. /xmlrpc.php connections from a single IP across multiple hosted websites is a strong sign to me that they are trying something bad).
So I thought I'd start on the forum here to see if I may be overlooking some existing features of CSF.
Thanks.
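
The cross-site check described in the post, as an added example (not part of the original post and not a CSF feature). It assumes per-site access logs in common/combined format have been collected from every server; the threshold, server and site names, and sample lines are constructed.

```python
import re
from collections import defaultdict

# Start of a common/combined access log line: client IP, then "METHOD target PROTO"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*"')
WATCHED_PATHS = ("/xmlrpc.php",)  # the post's example; extend with other probed URLs
MIN_SITES = 3                     # assumed threshold: distinct sites hit by one IP

# Constructed sample: (server, site, log line) as gathered from each server's logs
TS = "[01/Jun/2020:19:58:01 +0000]"
SAMPLE = [
    ("web1", "site-a.example", f'203.0.113.7 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 403'),
    ("web1", "site-b.example", f'203.0.113.7 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 403'),
    ("web2", "site-c.example", f'203.0.113.7 - - {TS} "POST //blog/xmlrpc.php?x=1 HTTP/1.1" 404 0'),
    ("web2", "site-c.example", f'198.51.100.20 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 403'),
    ("web1", "site-a.example", f'198.51.100.20 - - {TS} "GET /index.php HTTP/1.1" 200 5120'),
    ("web2", "site-d.example", "truncated or malformed line"),
]


def find_cross_site_ips(records, watched=WATCHED_PATHS, min_sites=MIN_SITES):
    """Return {ip: {"sites", "servers", "hits"}} for IPs that requested a
    watched path on at least min_sites distinct sites, across all servers."""
    seen = defaultdict(lambda: {"sites": set(), "servers": set(), "hits": 0})
    for server, site, line in records:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of guessing
        ip, _method, target = m.groups()
        # Drop the query string and collapse repeated slashes before matching
        path = re.sub(r"/+", "/", target.split("?", 1)[0])
        if not path.endswith(tuple(watched)):
            continue
        entry = seen[ip]
        entry["sites"].add(site)
        entry["servers"].add(server)
        entry["hits"] += 1
    return {ip: e for ip, e in seen.items() if len(e["sites"]) >= min_sites}


if __name__ == "__main__":
    for ip, e in sorted(find_cross_site_ips(SAMPLE).items()):
        print(f"{ip} sites={len(e['sites'])} servers={len(e['servers'])} hits={e['hits']}")
```

The returned IPs are candidates for review or for a block list; clients that legitimately touch many sites (uptime monitoring, a WordPress management service) belong on an allow list first.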