Topic: htaccess good getting blocked by bad

[liderbug]

So my website gets hit 10 to 30 times every day with requests for [mysite]/wp-admin, wp-login, etc. I don't/won't use Wordpress. There are several other words I block: user, passwd, etc. When a trigger word comes in I execute a 403.php script that appends "deny from $ip" to htaccess. One of my pages is in Colorado for use of the people in the area to schedule a volunteer shift on a local project. Last night there were 4 WP attempts from - Poland. My problem is: a local user using a local internet address gets a DHCP address previously used by a BOT in the same IP range (thank you dhcp).

My 403.php scripts ends with:
while ( 1 )
{
echo "\0x16";
usleep (10000);
}

Oh, and while I write this 12 more wp-xxxxx requests have come in. My biggest gripe - the IP belongs to [say] Microsoft. "Not our problem. Take it up with the end user." (OMG we should do anything to not rake in money).

Any improvements anyone can suggest? Thanks

[danielruf]

I can understand why you want to use some tarpit solution.

But this is the general grey noise of the web, most or all public websites are facing these rather harmless requests.

Keep in mind thyt you are also burning CPU cycles of your server via PHP.

Bots in general close the connection or just send a request but do not keep the connection open or check the response.

You can block whole CIDR blocks of relevant botnets. Or simply use fail2ban with a custom jail, which adds the relevant firewall rules automatically.

https://greg.molnar.io/blog/blocking-bots-with-fail2ban/