1

Auto ban failed hack attempts?

view story
linux-howto

http://serverfault.com – I'm getting log notices of activity's such as users trying to access /js/cache/'+opts.iframeSrc+' and other suspicious looking failed Javascript and MYSQL injections. However these seem to come from an ip addresses that changes daily. (maybe proxies or just a different connection.) How should I deal with this? Is there a way I can add them to an ip blacklist on Apache for 24 hours, or something? The ip address is changing all the time so I don't want have a massive list of ip's that might at some point belong to potential visitors. (HowTos)