I see plenty of good suggestions here...
But it all depends on your config.
Learn how to track all of your log files daily so you can see what is going on.
A pain it is, but it's the only way.
You will be hit from IPs from compromised servers, so doing IP blocks above your firewall can be hard to execute depending on who your intended audience is. You don't want to limit or prevent the folks you are catering to.
You will have to use an all-of-the-above type approach to what fits your circumstance.
If you are using popular software like a WordPress engine, it makes a double layer of hack potential, but stick with it as it's easier and faster to find/fix holes in the software.
If your targets are in one country, a firewall IP whitelist for it is a good start.
You can further follow that up in .htaccess.
And keep FTP access off if you don't need it. Change all ports to non-standard ports.
Don't make it easy for some kid following a how-to on the web.
Watch your logs like a hawk.
edit...
I was getting 24 hits a minute at certain times of the day.
Blocking countries that do not speak the same language was the first step.
If you are looking to just block single IPs...
There is no end to them through all the compromised systems, so good luck with that.
Most times those compromised systems do not know they have been compromised as everything works as normal. So everyone should monitor their own bandwidth usage for that sign.
I have over 1 billion IPs blocked and still get 600 hits a day on average poking at the system.
That continues to shrink every day by monitoring and action.
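
A small daily access-log summary in the spirit of the log-watching advice above, added here as an example and not part of the original post. It assumes the Apache/nginx "combined" log format; the sample lines, the watched WordPress paths and the per-minute threshold are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache/nginx "combined" access-log line: client IP, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" \d{3} '
)
# Assumption: WordPress endpoints worth watching; adjust for your own site.
WATCHED_PATHS = ("/wp-login.php", "/xmlrpc.php")

# Constructed sample lines using documentation-range IPs, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:04:15:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:04:15:09 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:04:15:31 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:04:15:40 +0000] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:04:16:05 +0000] "GET /about/ HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2024:04:16:10 +0000] "GET /wp-login.php HTTP/1.1" 404 210 "-" "-"
this line is not in combined format and is skipped
"""

def summarize(log_text, per_minute_threshold=3):
    """Summarize one day's access log: who hit the site, when, and how hard."""
    per_ip, per_minute, per_ip_minute, probes = Counter(), Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not parse
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        minute = ts.strftime("%Y-%m-%d %H:%M")
        per_ip[m["ip"]] += 1
        per_minute[minute] += 1
        per_ip_minute[(m["ip"], minute)] += 1
        if m["path"].split("?")[0] in WATCHED_PATHS:
            probes[m["ip"]] += 1
    return {
        "hits_per_ip": dict(per_ip),
        "busiest_minute": per_minute.most_common(1)[0] if per_minute else None,
        # IPs that reached the threshold within any single minute
        "noisy_ips": sorted({ip for (ip, _), n in per_ip_minute.items()
                             if n >= per_minute_threshold}),
        "watched_path_hits": dict(probes),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```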