On Thu, 25 May 2006, Harold Hallikainen wrote:

> I wonder if some "web accelerators" that prefetch pages will appear to be
> site rippers to your script.

Good question.

> Another script I run is sshblacklist. It blocks IP addresses (through
> iptables) if there are three bad username or bad password attempts on ssh.
> Without running that script, my logs would report thousands of attempts
> each night. Now it's generally zero, or maybe ten (with a couple more IPs

Why not make ssh port disappear altogether and appear only when needed?
See knockd? So you can detect maladroit knocking beforehand and lock out
the origin URL before it hits *any* valid services (including web).

Peter
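The three-strikes blocking described in the quoted text, as an added example that is not the sshblacklist script or anything posted in this thread. It assumes OpenSSH-style syslog lines; the log lines, addresses, allowlist and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 3  # failed attempts before blocking, as in the quoted description

# Count only "Failed password" lines: sshd also logs "Invalid user ..." for the
# same attempt, and counting both would double every bad-username try.
# The address is read from the fixed tail of the line, because the username
# earlier in the line is text supplied by the remote client.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh\d*)?$")

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
May 25 02:11:01 host sshd[811]: Invalid user admin from 203.0.113.5
May 25 02:11:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 4101 ssh2
May 25 02:11:07 host sshd[812]: Failed password for invalid user test from 203.0.113.5 port 4102 ssh2
May 25 02:11:12 host sshd[813]: Failed password for root from 203.0.113.5 port 4103 ssh2
May 25 02:12:30 host sshd[820]: Failed password for root from 198.51.100.7 port 5001 ssh2
May 25 02:12:34 host sshd[821]: Failed password for root from 198.51.100.7 port 5002 ssh2
May 25 02:13:01 host sshd[830]: Failed password for harold from 192.0.2.10 port 6001 ssh2
May 25 02:13:05 host sshd[830]: Failed password for harold from 192.0.2.10 port 6001 ssh2
May 25 02:13:09 host sshd[830]: Failed password for harold from 192.0.2.10 port 6001 ssh2
May 25 02:14:00 host sshd[840]: Failed password for invalid user x from 198.51.100.7 port 22 ssh2 from 203.0.113.5 port 4200 ssh2
"""

def offenders(log_text, allow=()):
    """Return sorted source addresses with THRESHOLD or more failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # reject anything not an address
        except ValueError:
            continue
        if str(ip) not in allow:  # never block your own admin address
            counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= THRESHOLD)

def iptables_rules(ips):
    """Build DROP rules for port 22; IPv6 sources need ip6tables."""
    rules = []
    for ip in ips:
        tool = "iptables" if ipaddress.ip_address(ip).version == 4 else "ip6tables"
        rules.append(f"{tool} -I INPUT -s {ip} -p tcp --dport 22 -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(iptables_rules(offenders(SAMPLE_LOG, allow={"192.0.2.10"}))))
```

The last sample line carries a username that itself contains an address; because the match is anchored to the end of the line, 198.51.100.7 stays at two failures and is not blocked.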