hi all -
i am trying to come up with a decent response to these denial-of-service attacks i keep getting, mainly going after my wordpress sites.
but then i got to thinking (uh oh!) about something set to run every minute or two that looked something like this:
# count requests per virtual-host log and client IP during the previous minute
grep "$(date -d '1 minute ago' +%d/%b/%Y:%H:%M)" /var/log/virtualmin/*_access_log \
  | sed -e 's/ - -.*$//' \
  | sort \
  | uniq -c
so i might end up seeing a format that looks like this:
domain name : IP NBR : number of requests
then maybe i can see if there have been more than 20 or so requests in the past minute, and if so, write the IP## into the csf.deny file.
any thoughts on this? usually when us newbies think of something this simplistic, one of the master wizards always has a better idea.
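
The idea in the post above, carried through to the threshold step, as an added example that is not part of the original post. It assumes combined-format logs named `<domain>_access_log`, uses constructed sample lines instead of the live logs, and only prints the `csf -d` commands (which add an entry to csf.deny) rather than running them; the function names are hypothetical.

```shell
#!/bin/sh
THRESHOLD=20   # requests per minute, the figure suggested in the post

# Constructed sample: what grep over several vhost logs returns for one minute.
sample_lines() {
  i=0
  while [ "$i" -lt 25 ]; do
    printf '/var/log/virtualmin/example.com_access_log:203.0.113.7 - - [10/Mar/2024:12:00:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 512\n' "$i"
    i=$((i + 1))
  done
  printf '/var/log/virtualmin/example.org_access_log:198.51.100.9 - - [10/Mar/2024:12:00:05 +0000] "GET / HTTP/1.1" 200 900\n'
  printf '/var/log/virtualmin/example.org_access_log:not;an;ip - - [10/Mar/2024:12:00:06 +0000] "GET / HTTP/1.1" 200 900\n'
}

# stdin: "logfile:clientIP - - [...]" lines; stdout: "domain ip count" for
# every domain/IP pair with more than $1 requests.
offenders() {
  awk -v limit="${1:-$THRESHOLD}" '
    {
      i = index($1, ":")                     # first colon ends the file name
      path = substr($1, 1, i - 1)
      ip = substr($1, i + 1)                 # keeps IPv6 colons intact
      if (ip !~ /^[0-9A-Fa-f:.]+$/) next     # never pass non-IP text onward
      n = split(path, seg, "/")
      dom = seg[n]
      sub(/_access_log$/, "", dom)
      hits[dom " " ip]++
    }
    END { for (k in hits) if (hits[k] > limit + 0) print k, hits[k] }
  ' | sort
}

# stdin: "domain ip count"; stdout: one csf deny command per offender (dry run).
deny_commands() {
  while read -r dom ip count; do
    printf 'csf -d %s "%s req/min on %s"\n' "$ip" "$count" "$dom"
  done
}

sample_lines | offenders "$THRESHOLD" | deny_commands
```

On a live system the input would be the grep from the post in place of `sample_lines`; an IP already denied, or your own address, would need to be skipped before acting on the output.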