Forum

I see many login attempts to phpMyAdmin, WebDAV, Wordpress and other popular Web applications (not existing on my computer). No doubt, Hiawatha is a very secure by default, nevertheless I am wondering how to employ properly the existing banning settings.

1. Despite of "ConnectionsPerIP = 25", I see 266 connections during one or two minutes from the same IP — for example https://www.on.lt/lol/log.txt

2. I have set "BanOnInvalidURL = 2" with "RebanDuringBan = yes" today, but I see banning duration in 9 (instead of 2) seconds in the system.log, while "0 connect attempts during ban".

I would appreciate your advice.

The ConnectionsPerIP is for simultaneous connections only. You could give ReconnectDelay a try, but test carefully.

I see, ReconnectDelay or BanOnFlooding might prevent some right requests. Yet I still do not catche why massive obviously invalid requests are not stopped by BanOnInvalidURL. One such sniffer was caught only once tonight — 1 of 226 wrong 404 requests per 3 minutes from the same IP address. https://www.on.lt/lol/log.txt

The requests as shown in the log.txt file are not invalid. They are just requests for non-existing files, but still valid according to the HTTP specs.

Ah, that's what! Understood, thank you. Is there any other mean against many subsequent requests to non-existing URLs?

Since they don't cause any harm, simply ignore them and focus on the more important things in life.