I sometimes still get some strange traffic on a website I'm managing. This month it has greatly exceeded the normal amount of bandwidth usage, and I can't find out how someone can click on the site more than a few thousand times in just a few hours to generate so many hits (more than a few tens of thousands of hits in less than 5 sessions). Normally a visitor will click a few pages and run up a few hundred to a thousand or so hits.
I've been trying to block IPs, but I know there are some valid visitors from those places, so I still need to find out how to limit a user's click rate. I'd like to block an IP if they have clicked/made requests a certain number of times in a few seconds or have exceeded a bandwidth limit per IP.
Is there a script or some CGI program that will do this? While looking on Google, I found fail2ban, but after looking into it, it seems that it only bans failed logins. Is there such a program that will handle this kind of traffic? (It'd be great if it could also count the number of simultaneous visitors and redirect them to different web pages if there are too many users at one time.)
On the internet I found an article about banning IPs; it sounds like this isn't really the way to go. Is there some other method?
Here's an excerpt from that article:
http://kalsey.com/2004/02/why_ip_banning_is_useless/

IP addresses are easy to fake as well. The design principles of TCP/IP allows the sender of a packet to specify its IP address. The message will still be routed to its destination using the fake origin address. Return packets would be mis-routed, however, because TCP/IP would send responses to the true location of the IP address rather than where it actually came from. This means that IP spoofing is ineffective in situations where you need to interact with a remote server, but very effective in a one-way conversation. I can’t retrieve a Web page using a spoofed IP address because I need to make the request and then have the server send me the page. But I can send requests all day long if I don’t care about the response.

Because the person can just send a bunch of data without caring for a reply, I'd like a way to stop/slow this process.
[edit] Here's a link to a module that might have part of what I'm looking for, but I can't be sure if it can be installed:
http://dominia.org/djao/limitipconn.html
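
Added example, not part of the original post: one way to express the check asked for above, flagging an IP that makes more than a set number of requests within a few seconds or that exceeds a per-IP byte budget, run over web server access-log lines. The log format (Apache common log format), the thresholds, the names `flag_clients` and `_line`, and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the client IP, timestamp and response size of a common-log-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (\d+|-)')

def flag_clients(lines, max_hits=5, window_s=10, max_bytes=1_000_000):
    """Return {ip: reason} for clients over the request-rate or byte budget.

    max_hits/window_s: more than max_hits requests inside window_s seconds.
    max_bytes: total response bytes allowed per IP over the whole log.
    """
    recent = defaultdict(deque)  # ip -> request times still inside the window
    sent = defaultdict(int)      # ip -> cumulative response bytes
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, size = m.groups()
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[ip]
        q.append(t)
        while t - q[0] > window_s:  # drop hits that fell out of the window
            q.popleft()
        sent[ip] += 0 if size == "-" else int(size)
        if ip in flagged:
            continue  # keep the first reason recorded for this client
        if len(q) > max_hits:
            flagged[ip] = "rate"
        elif sent[ip] > max_bytes:
            flagged[ip] = "bandwidth"
    return flagged

def _line(ip, sec, size):
    # Builds one constructed log line; addresses are documentation ranges.
    return f'{ip} - - [10/Mar/2024:12:00:{sec:02d} +0000] "GET / HTTP/1.1" 200 {size}'

# Constructed sample traffic, not real data.
SAMPLE = (
    [_line("198.51.100.9", s, 2000) for s in range(8)]          # 8 hits in 8 s
    + [_line("203.0.113.5", s, 600_000) for s in (0, 20, 40)]   # slow but heavy
    + [_line("192.0.2.44", s, 3000) for s in (1, 15, 30, 45)]   # ordinary visitor
)

if __name__ == "__main__":
    for ip, reason in flag_clients(SAMPLE).items():
        print(ip, reason)
```

The flagged addresses can then be handed to whatever blocking or throttling mechanism the server already uses.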