You could also temp-ban those IPs for a few hours and save yourself some CPU and... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		NateEag on Jan 2, 2024 \| parent \| context \| favorite \| on: Fail2ban Sucks (2020) You could also temp-ban those IPs for a few hours and save yourself some CPU and bandwidth. It may not seem like much, but I spent a year or two adminning a >1 million reqs / day cluster, and it does add up. Auto-banning this type of obvious offender (with fail2ban, as it happens) did result in a noticeable improvement for us.

pepa65 on Jan 2, 2024 [–]

You could indeed (temp-)ban them based on logs. Of course it is a huge improvement, if you catch offending IPs early, they never hit any app.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact