Hacker News new | past | comments | ask | show | jobs | submit login

On a related note, the number of HTTP 404 errors I see to /wp-login.php on my static website is ridiculous. (But absolutely not security risk.)



That's what you get running a webserver. This is what should happen (but you could choose not to log those...)


You could also temp-ban those IPs for a few hours and save yourself some CPU and bandwidth.

It may not seem like much, but I spent a year or two adminning a >1 million reqs / day cluster, and it does add up. Auto-banning this type of obvious offender (with fail2ban, as it happens) did result in a noticeable improvement for us.


You could indeed (temp-)ban them based on logs. Of course it is a huge improvement, if you catch offending IPs early, they never hit any app.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: