AlexK - 12:19 am on Jan 27, 2006 (gmt 0)

StupidScript:

has it been a featured issue the entire time you've had this server?

Was a (big, surprising) issue from the first day that the Firewall was installed, some months back. I was tired of the number of people trying to SSH into the box every day - often scores of IPs, sometimes thousands of dictionary attempts. It was tiring, so I got my host to Firewall them out.

It is worth pointing out, I think, that I've been concentrating on TCP:80 packets. There are also a very large number of UDP and also some TCP:some-port-other-than-80 packets also being rejected (on 24 Jan, 504 TCP:80 IPs and 99 not-TCP:80 IPs). They are definately attacks (unless you can suggest a good reason why UDP packets should be coming at my box).

The conversation has been very useful - the practical value for me has been to perceive that, assuming no bugs--hardware or software--come to light, the TCP:80 packets should be REJECTed rather than DROPped. That one step should improve the perception of the site enormously. I would rather get to the source of the problem, however.