suspect_blocker
The Suspect Blocker module is a security tool for Drupal that detects and blocks suspicious behavior, such as brute force or flood attacks, by monitoring requests resulting in errors like 403 or 404.
Features
This module identifies bursts of rapid access attempts to multiple pages, monitors requests triggering status codes like 403 and 404, and automatically bans IPs that exceed a configurable threshold of suspicious activity. Use cases include mitigating brute force attacks, preventing flood attacks, and enabling customizable security rules.
- Burst Detection: Tracks rapid access attempts ("bursts") to multiple pages within a time window.
- IP Banning: Automatically bans IPs with high levels of suspicious activity.
- Customizable Settings: Adjust thresholds and time windows for monitoring via the settings page.
- Real-Time Logging: Logs suspicious attempts for analysis, including IP, path, and HTTP status.
- Efficient Resource Usage: Uses in-memory logging for low performance impact.
Post-Installation
After installing the Suspect Blocker module, navigate to its configuration page at /admin/config/security/suspect-blocker. Customize settings such as the ban threshold (default: 5 suspicious requests) and the monitoring time window (default: 60 seconds). Once saved, the module starts monitoring your site for suspicious activity.
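The burst detection described above can be pictured as a sliding-window count of 403/404 responses per IP, shown here with the page's defaults (threshold 5, window 60 seconds). This is an added example, not the module's own code: the function name, the log row layout and the sample addresses are assumptions, as is reading "exceed" as strictly more than the threshold.

```php
<?php
// Added illustration, not the Suspect Blocker module's code.
// Sliding-window counter for error responses per client IP.
const SUSPECT_STATUSES = [403, 404];

/**
 * Returns [ip => timestamp of the request that pushed it over the threshold].
 * @param array $requests  Rows of [unix time, ip, path, status], sorted by time.
 * @param int   $threshold Suspicious requests tolerated inside one window (assumed boundary).
 * @param int   $window    Window length in seconds.
 */
function find_ips_to_ban(array $requests, int $threshold = 5, int $window = 60): array {
  $recent = [];  // ip => timestamps of suspicious requests still inside the window
  $banned = [];
  foreach ($requests as [$time, $ip, $path, $status]) {
    if (isset($banned[$ip]) || !in_array($status, SUSPECT_STATUSES, true)) {
      continue;
    }
    $recent[$ip][] = $time;
    // Drop entries that have aged out of the window.
    $recent[$ip] = array_values(array_filter(
      $recent[$ip],
      fn (int $t): bool => $t > $time - $window
    ));
    if (count($recent[$ip]) > $threshold) {
      $banned[$ip] = $time;
      unset($recent[$ip]);
    }
  }
  return $banned;
}

// Constructed sample traffic (documentation-range addresses).
$requests = [];
// 203.0.113.7 probes six missing paths in six seconds: a burst.
foreach (['/wp-login.php', '/.env', '/admin.php', '/backup.zip', '/phpinfo.php', '/old/'] as $i => $path) {
  $requests[] = [1000 + $i, '203.0.113.7', $path, 404];
}
// 198.51.100.20 follows six broken links 30 seconds apart: at most 2 per window.
for ($i = 0; $i < 6; $i++) {
  $requests[] = [1000 + $i * 30, '198.51.100.20', "/old-link-$i", 404];
}
// 192.0.2.5 makes many successful requests: ignored entirely.
for ($i = 0; $i < 10; $i++) {
  $requests[] = [1000 + $i, '192.0.2.5', '/node/1', 200];
}
usort($requests, fn (array $a, array $b): int => $a[0] <=> $b[0]);

print_r(find_ips_to_ban($requests));
```

Only the first address is returned; the slow trickle of 404s and the successful requests stay under the limit, which is the behavior to keep in mind when tuning the threshold and window on a site with many legitimate broken links.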
Additional Requirements
The Suspect Blocker module requires Drupal 10 or 11. For IP banning functionality, the Ban module is required.
Similar Modules
- Autoban - Automatic IP ban.
- Smart IP Ban - bans using the flood table.
- path2ban - bans using bot paths.
- Spammer Node Add (Spamna) - bans node/add bots.