Abusive IP's catching ?

[aaltomikael]

Hello,

can anyone give me directions how to best catch the IP's of abusers that try to hack the server.

I notice that there's a lot of strange IP's trying to send bad requests to the server where EVE is listening for http-requests.

ex.:

216.218.206.67 - - [08/May/2020 15:36:45] code 400, message Bad request syntax ('CNXN\x00\x00\x00\x01\x00\x10\x00\x00\x07\x00\x00\x002\x02\x00\x00¼±§±host::\x00')
216.218.206.67 - - [08/May/2020 15:36:45] "CNXN2¼±§±host::" HTTPStatus.BAD_REQUEST -

-This IP already seems to be listed in abuseipdb.com etc.

-The server isn't even listening to port 80 and all ports are stealth, so these hacker are doing port scanning to find the listening port, so it's no mistake...

It would be perfect to catch these scum and build a local db for the FW ?

Thanks in advance !

br. Mike

[Si mon]

Hi Mike,

IMHO this should not be the job of Eve but a Reverse-Proxy in front of Eve like nginx, traefik, etc...

br

Simon

[Mikael Aalto]

Hi Simon,
your'e right,
thanx for the tip, I'll start right away...


br. Mike

--
You received this message because you are subscribed to the Google Groups "Eve REST Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to python-eve+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/python-eve/82214039-8d68-4b93-a274-9e07f091f563%40googlegroups.com.