[tor-relays] 7 relays gone because of spammers

Markus Hitter mah at jump-ing.de
Thu Feb 26 12:10:12 UTC 2015


On 26.02.2015 at 03:42, ZEROF wrote:
> 4. Setup honey-pot on your server and play their game (10-15 job):
> http://linuxdrops.com/how-to-set-up-a-honeypot-using-smart-and-simple-artillery-debian-6-0/

Sounds like a good strategy.

What I don't like is the _permanent_ ban of IP addresses. Being a co-maintainer of a wiki, a mailing list and a forum, all reasonably popular, I've learned that IP addresses are no longer a reliable way to identify users. Also that malicious people have no shortage of addresses. They have plenty of them, enough to choose another one for each attack even if you don't ban the former one.

Running a strategy of banning permanently all IPs with malicious tries inevitably leads to also locking out many legitimate users. Before too long you've banned half the Internet and your server fortress is of no use anymore.

As such I started to ban only for short periods of time. A week, or a month. It works just as well as permanent bans against attacks, and legitimate users just have to wait a few days, worst case, to pick up services again.


Markus

-- 
- - - - - - - - - - - - - - - - - - -
Dipl. Ing. (FH) Markus Hitter
http://www.jump-ing.de/
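
The time-limited ban described in the message above, as an added example that is not part of the original post or of any tool it mentions. The failure threshold, the counting window, the event format and all names are assumptions made for illustration; only the one-week ban length comes from the message.

```python
from dataclasses import dataclass, field

WEEK = 7 * 24 * 3600  # ban length; the post suggests a week or a month

@dataclass
class TempBanList:
    ban_seconds: int = WEEK
    max_failures: int = 3        # assumed threshold, not from the post
    window_seconds: int = 600    # assumed counting window, not from the post
    failures: dict = field(default_factory=dict)      # ip -> recent failure times
    banned_until: dict = field(default_factory=dict)  # ip -> ban expiry time

    def is_banned(self, ip, now):
        expiry = self.banned_until.get(ip)
        if expiry is not None and now >= expiry:
            del self.banned_until[ip]    # ban ran out: forget the address
            expiry = None
        return expiry is not None

    def record_failure(self, ip, now):
        # Count one malicious attempt; returns True once the IP is banned.
        if self.is_banned(ip, now):
            return True
        recent = [t for t in self.failures.get(ip, []) if now - t < self.window_seconds]
        recent.append(now)
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.ban_seconds
            self.failures.pop(ip, None)
            return True
        self.failures[ip] = recent
        return False

def replay(events, bans):
    # events: (timestamp, ip, kind) tuples; returns one decision per event.
    decisions = []
    for ts, ip, kind in events:
        if bans.is_banned(ip, ts):
            decisions.append("blocked")
        elif kind == "fail" and bans.record_failure(ip, ts):
            decisions.append("banned")
        else:
            decisions.append("allowed")
    return decisions

# Constructed sample: 203.0.113.7 (documentation range) makes three bad
# attempts, is banned, and the address is reused by a legitimate visitor later.
SAMPLE = [
    (0, "203.0.113.7", "fail"), (10, "203.0.113.7", "fail"),
    (20, "203.0.113.7", "fail"), (3600, "203.0.113.7", "ok"),
    (8 * 24 * 3600, "203.0.113.7", "ok"),
]
```

Replaying `SAMPLE` with the default one-week ban lets the visitor on day eight through, while a 30-day `ban_seconds` still blocks the same request.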

