Activate a human challenge–response test for any user who is about to be denied access, and grant access when the challenge succeeds. This ensures that a human behind a bad IP, who is about to be blocked, may still be granted access by successfully completing a simple image test.
Guru user - Let's have a sample scenario:
- X is a hacker. He has an automatic program that injects malicious code when it finds a vulnerability. Moreover, he has been hired by your worst competitor. He knows you have an active website.
- Two seconds pass and 10 URLs are scanned, but he notices that he has no data; nothing!
- He decides to check this manually.
- The Firewall has denied access to his IP.
- The CAPTCHA feature is already activated, so any IP is authorized upon a successful challenge test.
- Because it's an automatic program, it has been blocked by the CAPTCHA.
- Now the hacker has opened the browser and is seeing the CAPTCHA.
- He successfully completes the CAPTCHA, is granted access by the firewall, relaunches the malicious program, and attempts to hack your website.
But this scenario cannot happen. The Firewall pays special attention to this user once he has passed the CAPTCHA. If the user's behaviour is suspicious, it "kills" him.
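The scenario above can be modelled as a small state machine, shown here as an added example that is not the product's own code. The class name, the signature list and the request URLs are constructed for illustration. It assumes that a single suspicious request after the CAPTCHA is enough to "kill" the IP and that a killed IP is not offered the challenge again.

```python
import re

# Assumption: a tiny constructed signature list stands in for the firewall's real rules.
SUSPICIOUS = re.compile(r"(\.\./|<script|union\s+select)", re.IGNORECASE)
BLOCKED, PROBATION, KILLED = "blocked", "probation", "killed"


class CaptchaGate:
    """Hypothetical model: bad IPs move blocked -> probation -> killed."""

    def __init__(self):
        self.state = {}  # ip -> BLOCKED | PROBATION | KILLED

    def solve_captcha(self, ip, passed):
        """A passed challenge lifts the block but starts probation, not trust."""
        if passed and self.state.get(ip) == BLOCKED:
            self.state[ip] = PROBATION
        return self.state.get(ip) == PROBATION

    def handle(self, ip, url):
        """Return 'allow', 'captcha' or 'deny' for one request."""
        st = self.state.get(ip)
        hit = bool(SUSPICIOUS.search(url))
        if st == KILLED:
            return "deny"
        if st == BLOCKED:
            return "captcha"
        if st == PROBATION and hit:
            # Assumption: one suspicious request after the CAPTCHA is enough,
            # and a killed IP is not offered the challenge again.
            self.state[ip] = KILLED
            return "deny"
        if st is None and hit:
            self.state[ip] = BLOCKED  # about to be denied: offer the challenge
            return "captcha"
        return "allow"


def replay_scenario():
    """Replay the page's scenario with constructed requests from one IP."""
    gate, ip = CaptchaGate(), "203.0.113.7"  # documentation-range address
    out = [gate.handle(ip, "/item?file=../../config")]      # scanner trips a rule
    out.append(gate.handle(ip, "/"))                        # bot cannot pass
    out.append(gate.solve_captcha(ip, True))                # human solves it
    out.append(gate.handle(ip, "/"))                        # normal browsing
    out.append(gate.handle(ip, "/item?file=../../config"))  # scanner relaunched
    out.append(gate.handle(ip, "/"))                        # stays denied
    out.append(gate.solve_captcha(ip, True))                # no second chance
    return out
```
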