[Cialug] Ubuntu question, ..
L. V. Lammert
lvl at omnitec.net
Mon Sep 25 18:50:50 UTC 2023
Interesting problem - seeing a bot attack on a website, so I banned that
IP:
#ufw status verbose
Status: active
Logging: off
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
2206 ALLOW IN Anywhere
Anywhere DENY IN 100.21.24.205
So, .. how come that IP is still posting traffic in the site logs three
minutes AFTER it was denied?
52.25.208.208 - - [25/Sep/2023:18:20:14 +0000] "GET ... 200 33537 "-" "TinyTestBot"
TIA!
More information about the Cialug
mailing list