Hacker log

lists at lazygranch.com lists at lazygranch.com
Sat Oct 22 22:17:24 UTC 2016

On Sat, 22 Oct 2016 17:40:56 -0400
"itpp2012" <nginx-forum at forum.nginx.org> wrote:

> The idea is nice but pointless, if you maintain this list over 6
> months you most likely will end up blocking just about everyone.
> Stick to common sense with your config, lock down nginx and the
> backends, define proper flood and overflow settings for nginx to deal
> with, anything beyond the scope of nginx should be dealt with by your
> ISP perimeter systems.
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,270485,270486#msg-270486
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

I've been doing this for more than six months. Clearly I haven't
blocked everyone. ;-)

These requests would just go to 404 if I didn't trap them. I rather
save 404 for real missing links.

My attitude regarding hacking is if it comes from a place without
eyeballs (hosting, colo, etc.), enjoy your lifetime ban. This keeps the
logs cleaner. Dumb hacking attempts like that clown could be some real
attack in the future, so better to block them. 

At the very least, you could block all well known cloud services. AWS
for example, but not from email ports. 

More information about the nginx mailing list