Hello,
like nearly everyone here i am experiencing constant bot attacks trying to log in to fake or admin accounts and trying to alter code.
as it seems blocking certain ip ranges is not enough - there are just too many out there... but so far i could identify a certain behavior that starts with a scanner bot to find the login page, followed by a slow brute force attack that comes every european night.
i would like to block soem of those (partly commercial) bots and some console browsers that i find in the live traffic, always before the next attack comes.
if i go to the advanced blocking:
and type in: lynx (or) *lynx (or) *lynx* (or) lynx*
those blocking schemes don't show any blocked hits
and i see that specific browser in the live traffic still showing up.
am i doing something wrong, or do i need to type in the grey line below the user-agent too?
best regards and thank you,
you have made a great piece of work here...