How do you deal with massive port scanning?

Very recently I've noticed my site being massively crawled by a few select IPs. Mine is an academic/educational/research site so I know it ain't gonna be YouTube popular, but when my online activity jumps to 300+ and 5+ pages of instances I know something's up!

In my cPanel error log some of these IPs are hitting my site 2-3 times per second and trying all sorts of different ports. My site is very secure so I'm not worried about hacking, but I'm wondering if all these hits could cause performance issues. Just wondering how people here deal with this sort of thing? I simply ban the IP (or an IP range) but I'm sure there are other things that can be done.


Hello

Scanning ports and trying SSH logins is a very common task for bots.

I can imagine that you are using the csf firewall to ban those IPs...

But bots rotate their IPs (dynamic), so if you ban an IP today, tomorrow a valid user may get that IP and be blocked.

My approach on that, as you can see in my signature, is csf + fail2ban + Nginx anti-bots (by checking the user agent)!

So most of them are blocked by Nginx itself without banning, and if a bot is very aggressive it gets banned automatically for x days that I set based on custom rules, but no more than a week...

I am also using Cloudflare's API for forums that use it, so if the attack is not based on the IP of the server they get blocked at the Cloudflare level.

And all of that is automated!

So you may want to try something like this, or research a bit more, or wait for other members to post here with other possible approaches.
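The layered policy described in the reply above (refuse known scanner user agents at the web server without banning, and give only aggressive IPs a temporary ban capped at a week) can be sketched as a simulation over access-log lines. This is an added example, not part of either post and not csf, fail2ban or Nginx configuration; the user-agent list, thresholds, function names and sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration; tune to your own traffic.
BAD_UA = re.compile(r"masscan|zgrab|nikto|sqlmap", re.I)  # scanner user agents
WINDOW, MAX_HITS = timedelta(seconds=10), 20              # rate threshold
BASE_BAN, MAX_BAN = timedelta(days=1), timedelta(days=7)  # ban never exceeds a week
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def burst(ip, start, count, per_sec, ua):
    """Build constructed nginx 'combined' log lines: count hits at per_sec hits/second."""
    t0 = datetime.strptime(start, "%d/%b/%Y:%H:%M:%S %z")
    return ['%s - - [%s] "GET / HTTP/1.1" 200 512 "-" "%s"' % (
        ip, (t0 + timedelta(seconds=i // per_sec)).strftime("%d/%b/%Y:%H:%M:%S %z"), ua)
        for i in range(count)]

def evaluate(lines):
    """Return (ua_rejections, bans) where bans is a list of (ip, start, duration)."""
    recent, strikes, banned_until = defaultdict(deque), defaultdict(int), {}
    rejected, bans = defaultdict(int), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # skip lines that are not in combined format
        ip, ts, ua = m.groups()
        now = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in banned_until and now < banned_until[ip]:
            continue                      # still banned: the firewall drops it
        if BAD_UA.search(ua):
            rejected[ip] += 1             # web server refuses it; no ban by itself
        q = recent[ip]
        q.append(now)
        while now - q[0] > WINDOW:
            q.popleft()                   # forget hits older than the window
        if len(q) > MAX_HITS:             # aggressive: temporary, escalating ban
            strikes[ip] += 1
            length = min(BASE_BAN * 2 ** min(strikes[ip] - 1, 3), MAX_BAN)
            banned_until[ip] = now + length
            bans.append((ip, now, length))
            q.clear()
    return dict(rejected), bans

# Constructed sample: a 3 hits/s scanner, a slow bad-UA bot, and an ordinary visitor.
SAMPLE = (burst("198.51.100.7", "01/Mar/2024:12:00:00 +0000", 30, 3, "masscan/1.3")
          + burst("203.0.113.9", "01/Mar/2024:12:00:00 +0000", 5, 1, "zgrab/0.x")
          + burst("192.0.2.44", "01/Mar/2024:12:00:00 +0000", 8, 1, "Mozilla/5.0"))

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

Because every ban carries an expiry, an address that is later reassigned to a legitimate visitor is unblocked without manual cleanup.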

