No cross-site or tracking cookies are stored by this website.
This website is served via nginx, and the access logging is enabled. The
fail2ban tool uses these logs to block bad request and to do rate limiting for bad bots.
I clear these logs once every two weeks and is not inspected for any other purposes other than to block bad actors.
If the request hits a 404 page (non-existing page), or sends me bad POST requests (this is only done by bots), I log their IP to temporarily block them if uncaught by the
fail2ban. These IPs are cleared once in every two weeks and are not backed up in any way.
I am currently searching for ways to do the blocking without storing the IP in plaintext, the blocking tool I use (
fail2ban) does not allow banning hashed IP addresses.