ravikumar22 wrote: ↑Fri Jun 06, 2025 4:48 pm
Yes, this can happen if your server uses caching or a CDN like Cloudflare.
I'll look into that, thanks. I know I don't have those, I'll see if the host has those things tied in somehow.
ravikumar22 wrote: ↑Fri Jun 06, 2025 4:48 pm
Bots may rotate IPs
I'm no expert, but I programmed somethin I THINK will help detect and defend against that.
@Paul, It was really an exercise on my part, I had two goals 1/ didn't like the whos online feature set, I wanted to see more information at a glance to make an immediate decision on what to do, and have a direct link to where I can get even more detailed info. 2/ I wanted to build a logic that would look at more than just the immediate transgression, I wanted something that would look at the transgression history, time range, ip range, and more of the IP and then take action to add or remove IP from htaccess, archive, blacklist, and more. I hated having to deal with manually staying on top of htaccess entries for putting IPs in and removing them because IPs rotate, and I've come to not like dealing with modsecurity....which by the way you say is awful.
Anyway, mine does auto and manual blocking/unblocking in htaccess OR redirect and warning of IP by country name, plain IP, or octet (1, 2, 3). Rate limiter, "suspicious visit" detection, honeypot with keyword detection on all forms including journals, whitelist, blacklist, archive, export for firewall, and a few more things. Most of all, granular configurability of how it will take action on each aspect. I might sell it in a few months, I don't know.