Forum

Banning seconds

Vladas Palubinskas
7 November 2018, 21:54
I see many login attempts to phpMyAdmin, WebDAV, Wordpress and other popular Web applications (not existing on my computer). No doubt, Hiawatha is a very secure by default, nevertheless I am wondering how to employ properly the existing banning settings.

1. Despite of "ConnectionsPerIP = 25", I see 266 connections during one or two minutes from the same IP — for example https://www.on.lt/lol/log.txt

2. I have set "BanOnInvalidURL = 2" with "RebanDuringBan = yes" today, but I see banning duration in 9 (instead of 2) seconds in the system.log, while "0 connect attempts during ban".

I would appreciate your advice.
Hugo Leisink
10 November 2018, 16:15
The ConnectionsPerIP is for simultaneous connections only. You could give ReconnectDelay a try, but test carefully.
Vladas Palubinskas
18 November 2018, 13:12
I see, ReconnectDelay or BanOnFlooding might prevent some right requests. Yet I still do not catche why massive obviously invalid requests are not stopped by BanOnInvalidURL. One such sniffer was caught only once tonight — 1 of 226 wrong 404 requests per 3 minutes from the same IP address. https://www.on.lt/lol/log.txt
Hugo Leisink
23 November 2018, 22:14
The requests as shown in the log.txt file are not invalid. They are just requests for non-existing files, but still valid according to the HTTP specs.
Vladas Palubinskas
24 November 2018, 16:05
Ah, that's what! Understood, thank you. Is there any other mean against many subsequent requests to non-existing URLs?
Hugo Leisink
24 November 2018, 20:47
Since they don't cause any harm, simply ignore them and focus on the more important things in life.
This topic has been closed.