Jeff,
I've thought the same thing about "FAIL"2ban. We use it at $work and
it can block an IP within a couple of seconds. There are other
similar packages, but fail2ban is worth a try if you find no other
solution.
On Sun, Apr 19, 2020 at 5:48 PM Jeffrey Walton wrote:
>
> On Sun, Apr 19, 2020
On Sun, Apr 19, 2020 at 7:48 PM Jeffrey Walton wrote:
> It seems like Mediawiki should know it is incorrect for someone to
> request load.php. The request should be killed in the application.
> Mediawiki has the specialized knowledge required to stop the
> shenanigans.
>
>
load.php is meant to
On Sun, Apr 19, 2020 at 6:38 PM Keith Christian
wrote:
>
> Try fail2ban, it is an excellent filtering system that blocks IP
> addresses based on what it finds in log files, you'd point fail2ban at
> the web server logs, e.g. Apache logs or whatever http server is on
> your Mediawiki server.
Try fail2ban, it is an excellent filtering system that blocks IP
addresses based on what it finds in log files, you'd point fail2ban at
the web server logs, e.g. Apache logs or whatever http server is on
your Mediawiki server.
On Sun, Apr 19, 2020 at 12:51 PM Jeffrey Walton wrote:
>
> Hi
Hi Everyone,
We see a continuous flow of requests like shown below. We are fairly
certain it is a botnet probing for weaknesses or vulnerabilities. The
source IP address slowly moves around. It looks like there was a bug
in load.php some time ago [1].
I don't have time to manually monitor this.