They’re trying all the doors and all the windows..

Originally – I wasn’t looking for evidence of abuse or brute force attempts to my web server but through analysis of log files – I’ve found some.

A lot in fact. 100K+ HITs per day to particular parts of my site, the majority of which is brute force.

Screen Shot 2016-02-11 at 14.28.08

I’ve noticed weirdness in firewall logs too which I’m beginning to trawl through and start closing off doors because of. Thank the lord for iptables and a decent policy.

I’m now in a state of closing ports, rebinding services to IPs and setting up rate-limiting to thwart repetition. Blocking will now occur and prevent hammering of pages. Next is to start black-holeing IPs that persist.

Leave a Reply

Your email address will not be published. Required fields are marked *