Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

speed limit on 404 and access violations #1095

Closed
remyKobolski opened this issue Sep 3, 2021 · 2 comments
Closed

speed limit on 404 and access violations #1095

remyKobolski opened this issue Sep 3, 2021 · 2 comments
Labels
duplicate

Comments

@remyKobolski
Copy link

Make 404 errors using the same speed limits as login.
The reason is that some hackers try to inject sql into http params, and hammer the site with dictionary attacks.

Make access violations using the same speed limits as login.
The reason is that web scrapers hammer the site for data and hit protected data.
Example: download area.
@remyKobolski
Copy link
Author

It is also the case that a lot of script kiddies use automated tests for vulnerable scripts, like wp-login, wp-this, wp-that and other methods. It looks similar as a portscan.
The consequence is that it is consuming so much cpu time and bandwidth.
My logFiles become unusable.

@eSilverStrike
Copy link
Member

Yup thought of something similar here with feature request #1030

It expands on your idea with errors from forms as well to block the bots.

With 404 errors we would have to be careful though as you could block legit bots like Google if the threshold is set to low.

I am going to close this feature request since it is part of the other feature request which we hope to get implemented in version Geeklog 2.2.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eSilverStrike @remyKobolski