Danny B. wrote:
In my 404 log I often see various hacking and spamming
attempts looking for
known website weaknesses.
I would like to propose to totally block such IP addresses from accessing
Toolserver.
What do you think about such approach?
Nearly every Web site on the Internet experiences constant "attacks" from
bots and scripts. Some try exploiting weaknesses in SSH, others try
exploiting weaknesses in server-side code (XSS), and still others try to
exploit weaknesses in the Web server software (Apache, ZWS, etc.) or
whatever else is possible exploitable. The answer is to these attacks is to
write and run secure code. Attempting to play cat-and-mouse games with the
infinite number of possible attackers is a very bad and costly approach.
If load becomes a problem (denial-of-service), it becomes a different
matter, of course. But it's generally not worth sysadmin time to block such
attacks unless (and until) they're actually problematic.
MZMcBride