gariac Wrote:
-------------------------------------------------------
> ‎I'm assuming at this point if cookies are too much, then logins or
> captcha aren't going to happen. 
>
> How about just blocking the offending websites at the firewall? I'm
> assuming you see the proxy and not the eyeballs at the ISP. 
>
> I have my hacker detection schemes in nginx. I flag the clowns, yank
> the IPs every day or so, and block the IP space of any VPS, colo, etc.
> ‎I have blocked so much of the hacker IP space that I can go days
> before finding a new VPS/etc to feed the firewall. Amazon, Google
> hosting, Rackspace, Linode, Digital Ocean, Soft layer and especially
> Ubiquity/Nobis is probably 3/4 of the clowns. Machines are not
> eyeballs, or in your case, ear canals. Block 'em. 
>
> Oh yeah, I block Cloud Flare.

That is really excessive / over the top and holds the potential to block legitimate traffic besides with the service cloudflare offer they are fine but it is very unknown how they handle these kind of fake proxy requests and how many connections / limits on requests per second they allow from them.

Since you say you are building yourself a blacklist perhaps you will like this. (especially those who are blocked for infinity)
https://en.wikipedia.org/wiki/Wikipedia:Database_reports/Range_blocks


My solution in my first post will work and is decent for what I want to achieve I really want to know what the "$binary_" is and if I should use that. Instead in my "limit_req" and "limit_conn" fields.

http://www.networkflare.com/