By squoggle on
My site does not allow users to register. It is strictly anonymous users.
I get 30 to 50 access denied warnings a day for user/register from all over the world, many of them duplicate IP addresses.
Previously I had allowed users to register, however the result was 10,000+ bogus users in my database with supposedly valid email addresses. I switched to not allowing users to register but still get many attempts to register.
Is there a way to Automatically ban an IP address for say a day or even permanently when they try to access user/register or other suspicious activities?
Thanks!
Comments
I have found
I have found http://drupal.org/project/httpbl useful, won't get rid of all of them, but it has helped with the major offenders.
http:BL only helps
http:BL only helps minimally.
It grey listed one IP address out of about 200 in the past 24 hours.
Is there anything else out there I can use?
Thanks!
You can fine tune the
You can fine tune the settings for the module.
Settings are set to the most
Settings are set to the most aggressive settings.
Overnight there were 60 probing attempts at various non existent possible login pages but only 7 of those IP addresses grey listed.
Squoggle
Login Security and Captcha questions modules
Hi squoggle.
I was getting several bogus users/day on our site creating accounts. I installed the Captcha questions module, http://drupal.org/project/captcha_questions. It allows you to add a text field to the Create new account form, asking a simple question that any human can answer and configure your own list of acceptable answers. Since the spam bots don't know what to enter into the field, I have not gotten a single bogus account setup since.
The only module I have found so far to automatically ban by IP addresses based on configurable criteria, such as number of login attempts in X amount of time is Login Security http://drupal.org/project/login_security. It seems to be almost perfect for the job, and works nicely, except the IP addresses do not go into the BLOCKED IP ADDRESSES list under Configuration -> IP address blocking, so I have not found a way to remove an automatically blocked address to unblock it or to see a list blocked addresses.
I filed an issue report about it about a week ago, but have not gotten a response yet.
Thanks vls After reading the
Thanks vls
After reading the description of Login Security I believe this will not work for me. I do not allow logins to my site. It is strictly an anonymous user site other than the admin user.
_
Then your best bet is to add rewrite rules to apache flat out blocking the commonly attempted urls.
Rewrite + httpbl
Rewrite rules redirecting to httpbl honeypot seems to have done the trick!
Thanks!