I'm getting log notices of activity's such as users trying to access /js/cache/'+opts.iframeSrc+'
and other suspicious looking failed Javascript and MYSQL injections.
However these seem to come from an ip addresses that changes daily. (maybe proxies or just a different connection.)
How should I deal with this? Is there a way I can add them to an ip blacklist on Apache for 24 hours, or something? The ip address is changing all the time so I don't want have a massive list of ip's that might at some point belong to potential visitors.
Best Answer
Take a look at Fail2ban and set
bantime = 86400
(for 24h).If you use iptables, you can unban an IP with: