I some times still get some strange traffic over to a website I'm managing. This month it has greatly exceeded the normal amount of bandwidth usage and I can't find out how someone can click on the site more than a few thousand times in just a few hours to generate so many hits (more than a few ten thousand hits in less than 5 sessions). Normally a visitor will click a few pages and run up a few hundred to a thousand or so hits.
I've been trying to block ips, but I know there are some valid visitors from those places, so I'm still in need to find how to limit a user's click rate. I'd like to block an ip if they have clicked/made requests a certain number of times in a few seconds or have excceeded a bandwidth limit per ip.
Is there a script or some cgi program that will do this? while looking on google, I found fail2ban, but after looking into it, it seems that only bans failed login. is there such a program that will handle this kind of traffic? (it'd be great if it could also count the number of simultaneous visitors and redirect them to different web pages if there are too many users at one time.)
On the internet I found an article about banning IPs, sounds like this isn't really the way to go is there some other method?
here's an excerpt from that article:http://kalsey.com/2004/02/why_ip_banning_is_useless/
IP addresses are easy to fake as well. The design principles of TCP/IP allows the sender of a packet to specify its IP address. The message will still be routed to its destination using the fake origin address. Return packets would be mis-routed, however, because TCP/IP would send responses to the true location of the IP address rather than where it actually came from. This means that IP spoofing is ineffective in situations where you need to interact with a remote server, but very effective in a one-way conversation. I canít retrieve a Web page using a spoofed IP address because I need to make the request and then have the server send me the page. But I can send requests all day long if I donít care about the response.
because the person can just send a bunch of data without caring for a reply, I'd like a way to stop/slow this process.
 here's a link to a module that might have part of what I'm looking for but I can't be sure if it can be installed: http://dominia.org/djao/limitipconn.html