BotBlocker, the result of years of frustration.

Example:
Create a config somewhere in your project that we can customize.


#CUST_SCRIPT_BLOCK=
#CUST_SCRIPT_UNBLOCK=
#CUST_SCRIPT_TEMPBLOCK=

The default should be "empty" or unset.

The logic is: when one of these configs is not empty, your project must call this script via CLI instead of your own script, and respect exit_code 0 for a successful operation.
And any config left empty should automatically be a "success" operation.
 
Just a quick question about your script: if it detects multiple IP addresses from the same network, can it block the entire network straight away? Ideally, if it detects, for example, that 2–3 networks originate from the same ASN, the whole ASN would be blocked. Of course, an ASN whitelist would also be needed.

I’m asking because today at around 16:00 MESZ, 50% of our CP servers suddenly experienced a load of 150 or more. The source was around 80 IP addresses from 6 Class C networks, all belonging to the same ASN. I blocked the entire ASN on the routers and that sorted it. I’m now wondering what would have happened if I hadn’t been available and hadn’t seen the monitoring alert straight away. That would certainly have led to Apache crashes, as has happened countless times in the past. Strangely enough, it never affects the DA servers, presumably because there are far fewer of them.

I think I’ll test your tool on a DA dev server next week and order a DDoS in the DW to see what happens. Then I’ll do the same with a CP dev server.
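
The escalation asked about in the post above (offending IPs to a whole network, several networks to a whole ASN, with an ASN whitelist), sketched as an added example that is not BotBlocker's code and not part of the thread. The prefix-to-ASN table, the thresholds and all function names are assumptions, and the addresses are constructed sample data from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation prefixes and private-use ASNs.
# Hypothetical prefix -> ASN table; a real one would come from BGP or whois data.
ASN_PREFIXES = {
    "198.51.100.0/24": 64500,
    "203.0.113.0/24": 64500,
    "192.0.2.0/24": 64501,
}
ASN_WHITELIST = {64501}  # assumed policy: these ASNs are never blocked as a whole
IPS_PER_NET = 3          # offending IPs in one /24 before the /24 is blocked
NETS_PER_ASN = 2         # blocked /24s in one ASN before the ASN is blocked


def asn_for(net):
    """Return the ASN announcing `net`, or None if it is not in the table."""
    for prefix, asn in ASN_PREFIXES.items():
        if net.subnet_of(ipaddress.ip_network(prefix)):
            return asn
    return None


def plan_blocks(offenders):
    """Collapse offending IPv4 addresses into ASN, /24 and single-IP block targets."""
    per_net = defaultdict(set)
    for ip in offenders:
        per_net[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)

    # A /24 is "hot" once enough distinct offenders sit inside it.
    hot_nets = {n for n, ips in per_net.items() if len(ips) >= IPS_PER_NET}
    nets_by_asn = defaultdict(set)
    for net in hot_nets:
        nets_by_asn[asn_for(net)].add(net)

    # Escalate to the ASN only if it is known, not whitelisted, and has enough hot /24s.
    blocked_asns = {a for a, nets in nets_by_asn.items()
                    if a is not None and a not in ASN_WHITELIST
                    and len(nets) >= NETS_PER_ASN}

    plan = [f"AS{a}" for a in sorted(blocked_asns)]
    for net in sorted(hot_nets):
        if asn_for(net) not in blocked_asns:   # not already covered by an ASN block
            plan.append(str(net))
    for net, ips in sorted(per_net.items()):
        if net not in hot_nets and asn_for(net) not in blocked_asns:
            plan.extend(sorted(ips, key=ipaddress.ip_address))
    return plan
```

A whitelisted ASN can still have individual /24s blocked under this policy; only the ASN-wide step is suppressed.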
 