I’m receiving many failed login requests from spammers/bots that are trying to brute-force the credentials. I’m also receiving many requests to pages like /forum/index.php.
I wrote a script to parse the IPs of those attackers from production.log:
#!/bin/bash
# Failed logins: collect the source IPs of lines containing "Failed ".
# {1,3} per octet so addresses with single-digit octets (e.g. 10.0.0.5) are not missed.
grep "Failed " ~/app/log/production.log | grep -E -o "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | sort -u > ~/spammers.txt
# Attempts to GET .php files: drop empty lines, pair up lines, keep pairs mentioning .php.
awk '$0!~/^$/ {print $0}' ~/app/log/production.log | sed -n -e "N; /\.php/p" | grep "ApplicationController#index" | grep -E -o "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | sort -u >> ~/spammers.txt
But I can’t block (.htaccess) those IPs until I manually check their origin by geolocation.
Is there a Rails-ish solution out there for this problem?
I don’t think there is a Rails answer to this.
If you’re running on a Linux server, you can look into using LFD (Login Failure Daemon). http://www.configserver.com/cp/csf.html
Once you set it up to watch your rails app, it would block them at the firewall level after enough failed logins, intrusion attempts, etc.
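
The thread's script lists every IP that appears on a single matching line, while the answer describes blocking only after enough failures. The following is an added example, not code from either poster or from LFD, that counts failed-login and .php-probe lines per IP and reports only addresses at or above a threshold. The log line format, the sample lines and the names `sample_log` and `count_offenders` are assumptions made for illustration.

```shell
#!/bin/bash
# Added example. The log format below is assumed, not taken from the thread.

# Constructed sample log (documentation-range and private addresses).
sample_log() {
  cat <<'EOF'
Started POST "/login" for 203.0.113.7 at 2013-05-01 10:00:01 +0000
Failed login for admin from 203.0.113.7
Failed login for admin from 203.0.113.7
Failed login for root from 203.0.113.7
Failed login for alice from 10.0.0.5
Started GET "/forum/index.php" for 198.51.100.9 at 2013-05-01 10:00:07 +0000
Started GET "/index.php" for 198.51.100.9 at 2013-05-01 10:00:08 +0000
Started GET "/" for 192.0.2.44 at 2013-05-01 10:00:09 +0000
EOF
}

# count_offenders THRESHOLD < logfile
# Prints "COUNT IP", highest count first, for every IPv4 address seen on at
# least THRESHOLD lines that contain "Failed " or ".php".
count_offenders() {
  awk -v min="$1" '
    /Failed / || /\.php/ {
      # "+" instead of {1,3} so this also works in awk builds without
      # interval expressions; octet width and range are checked below.
      if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
        ip = substr($0, RSTART, RLENGTH)
        n = split(ip, octet, ".")
        ok = (n == 4)
        for (i = 1; i <= n; i++)
          if (length(octet[i]) > 3 || octet[i] + 0 > 255) ok = 0
        if (ok) hits[ip]++
      }
    }
    END {
      for (ip in hits)
        if (hits[ip] >= min + 0) print hits[ip], ip
    }
  ' | sort -rn
}

# A single mistyped password (10.0.0.5) stays below the threshold of 2.
sample_log | count_offenders 2
```

Raising the threshold trades slower detection for fewer legitimate users caught by one mistyped password.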