Hello all - we've been recieving a lot of DoS-esque attacks on our webserver at work as of late. None of them have been enough to have an affect on the server, but nonetheless, it's malicious activity. Most of these attacks come in the form of many requests (thousands) being made over and over again to the same URL on our server. The requests come through at a rate of around 10/second or so, and they've come from several different IP blocks. So...up until this point, I've just been denying the IP address in a .htaccess file. This is working for now, but it's not a very elegant solution. Is there a product out there that can watch the access_logs, looking for requests to come in from a certain IP at a rate higher than a given threshold, and then temporarily ban that IP address? Thanks! -Erik _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list