<span id="mailbox-conversation"><div>What format do you have on your apache logs? You could probably just cut out the IP addresses, count each IP-numbers occurrence and use those statistics to determine who to blacklist and not.</div>
<div>Since it’s attacks on multiple systems blacklisting kind of seems like the only option, that or restricting all systems with whitelisting policies which.</div>
<div>Could you add my account on Trac as allowed to post issues? My username is jonet.</div></span><div class="mailbox_signature"><br></div>
<br><br><div class="gmail_quote"><p>On Wed, Jan 14, 2015 at 10:26 PM, Bruce Dubbs <span dir="ltr"><<a href="mailto:firstname.lastname@example.org" target="_blank">email@example.com</a>></span> wrote:<br></p><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><p>Pontus Karlsson wrote:
<br>> Did you try blacklisting their IP?
<br>> On Wed, Jan 14, 2015 at 9:14 PM, <firstname.lastname@example.org> wrote:
<br>>> Did you try blacklisting their IP?
<br><br>It's a little hard to figure out the IP. It's done via http. I looked
<br>at the apache log, but it has 573K lines right now.
<br><br>I see I still get attempts to register at the -patches mailing list so
<br>spam can be sent to that list. That's from multiple IP addresses.
<br><br>13189 attempts in less than 4 days from 251 different IP addresses.
<br><br>Ah, the wiki.linuxfromscratch.org is a little easier. Only 24K lines in
<br>that log. 18 newticket POST commands. The offending IP address appears
<br>to be 18.104.22.168. The previous offending post was from 22.214.171.124.
<br><br>Both of those seem to be hosted in New York state, but by different
<br>ISPs. In other words, a botnet.
<br><br> -- Bruce
<br>Unsubscribe: See the above information page