- Issue created by @jmohino
- Status changed to Postponed: needs info
about 1 year ago 12:05pm 23 May 2024 In general this is a bit difficult, and a solution wouldn’t be limited to search.
The ban module → is a good first step. Pantheon hosting has an article titled Troubleshooting Traffic Events.
As a feature request this needs updating to be something the community could build.
- 🇪🇸Spain jmohino
Thanks @cilefen.
I use the ban module, and every time I block the IP, but if the attacker continually changes his IP, I can't keep an eye on him all the time and in just 2 or 3 minutes he is able to take my site down.
I think it is a big problem and should be solved, If it is complicated through Drupal perhaps someone can recommend some Apache configuration or similar. ¿? - 🇺🇸United States mfb San Francisco
The flood API provides everything you need to implement this feature - already used by other forms. (If it becomes a distributed attack then you need other mitigations too, captcha etc.)
The article I cited also mentioned https://github.com/fail2ban/fail2ban and cloudflare.
- 🇪🇸Spain jmohino
Thank you very much for the advice, I have already installed Protect Form Flood Control, and I am going to see if I am able to put reCaptcha in the search form, to see if I can solve the problem. Although I haven't been able to do it yet :D
Greetings. - 🇳🇿New Zealand quietone
Fixes are made on on 11.x (our main development branch) first, and are then back ported as needed according to our policies.
This would be more appropriately selected for the CMS build, like #3065740: Add Autoban module to Drupal CMS → .