Author: M.Prince (20 Oct 08 12:38am)
That'll differ for every website. Suspicious IPs get assigned a threat score based on a number of factors. For example, if an IP is seen hitting a bunch of honey pots that have been installed by multiple, different users, then the IP will be marked suspicious. As it hits more, it'll become more suspicious. If there are a lot of other listed IPs in the neighborhood, then it will become more suspicious.
The problem is that sometimes legitimate behaviors can result in a suspicious listing. I'd start with the threat score relatively high and then bring it down over time as you continue to see malicious bots on your site.