Hi Daniel
In the pike ban I'd add a reason instead of a 1 to the htable key value. Something like
if (!pike_check_req()) {
xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
$sht(ipban=>$si) = "pike";
exit;
}
This is because you can ban IP addresses lfor other reasons and it's nice to see what it is. In the default config file only if they key exists is checked so having a 1 or another thing doesn't alter the behaviour.
Another ban reason example I use (copied from Fred Postner I think):
if($au =~ "(=)|(--)|(')|(#)|(%27)|(%24)" && $au!=$null) {
xlog("L_WARNING","AU SQL injection $au from $si:$sp R=$ru\n");
$sht(ipban=>$si) = "sql";
exit;
}
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.