Preferred Member from CA
joined:Feb 7, 2017
So a bot has ravaged your site with a merciless scraping, done reconnaissance, tried to break in or some other bad behaviour, and you have banned it by bot UA, IP or IP of host. How long do you keep your ban? Years?
I collect the few really terrible and abhorrent host providers and ban their complete ranges. Apart from these consistently bad ISPs, I collect IP ranges, which I back date with comments. After 3 months I comment them out but keep their history, so that if they return it is easy to reban them.
Nothing stays the same, and changes can be quick quick. Bot UAs, IPs, host providers all change with time. If I keep all the bans the htaccess can get quite large, and may just be banning historical ranges and UAs.
Do you have a ban strategy or philosophy?