My site does not allow users to register. It is strictly anonymous users.
I get 30 to 50 access denied warnings a day for user/register from all over the world, many of them duplicate IP addresses.

Previously I had allowed users to register, however the result was 10,000+ bogus users in my database with supposedly valid email addresses. I switched to not allowing users to register but still get many attempts to register.

Is there a way to Automatically ban an IP address for say a day or even permanently when they try to access user/register or other suspicious activities?

Thanks!

Comments

nevets’s picture

I have found http://drupal.org/project/httpbl useful, won't get rid of all of them, but it has helped with the major offenders.

squoggle’s picture

http:BL only helps minimally.

It grey listed one IP address out of about 200 in the past 24 hours.

Is there anything else out there I can use?

Thanks!

nevets’s picture

You can fine tune the settings for the module.

squoggle’s picture

Settings are set to the most aggressive settings.

Overnight there were 60 probing attempts at various non existent possible login pages but only 7 of those IP addresses grey listed.

Squoggle

vls’s picture

Hi squoggle.

I was getting several bogus users/day on our site creating accounts. I installed the Captcha questions module, http://drupal.org/project/captcha_questions. It allows you to add a text field to the Create new account form, asking a simple question that any human can answer and configure your own list of acceptable answers. Since the spam bots don't know what to enter into the field, I have not gotten a single bogus account setup since.

The only module I have found so far to automatically ban by IP addresses based on configurable criteria, such as number of login attempts in X amount of time is Login Security http://drupal.org/project/login_security. It seems to be almost perfect for the job, and works nicely, except the IP addresses do not go into the BLOCKED IP ADDRESSES list under Configuration -> IP address blocking, so I have not found a way to remove an automatically blocked address to unblock it or to see a list blocked addresses.

I filed an issue report about it about a week ago, but have not gotten a response yet.

squoggle’s picture

Thanks vls

After reading the description of Login Security I believe this will not work for me. I do not allow logins to my site. It is strictly an anonymous user site other than the admin user.

WorldFallz’s picture

Then your best bet is to add rewrite rules to apache flat out blocking the commonly attempted urls.

squoggle’s picture

Rewrite rules redirecting to httpbl honeypot seems to have done the trick!

Thanks!