I'm getting log notices of activity such as users trying to access /js/cache/'+opts.iframeSrc+'
and other suspicious-looking failed JavaScript and MySQL injections.
However, these seem to come from IP addresses that change daily (maybe proxies or just a different connection).
How should I deal with this? Is there a way I can add them to an IP blacklist on Apache for 24 hours, or something? The IP address is changing all the time, so I don't want to have a massive list of IPs that might at some point belong to potential visitors.
Take a look at Fail2ban and set
bantime = 86400
(for 24h). If you use iptables, you can unban an IP with:
mod_security
is a different approach that you can use to block the access. It is a totally different approach because it will be applied from Apache, but it will protect you from unknown and unexpected attacks. You can check it at http://www.modsecurity.org/
You can always install http://www.ossec.net/ and you will get all sorts of "anti-hacking" protection mechanisms, even on the default configuration! It temporarily bans IPs and you can add extra configurations and all, for multiple services.
If you want something simple; take a look at fail2ban or sshguard.
sshguard is arguably better as it doesn't use Python, and the name is something of a misnomer; it does much more than just protecting ssh. - http://www.sshguard.net/
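To show how the 24-hour ban suggested above keeps the blocklist from growing, here is an added example (not from any of the answers, and not Fail2ban's own code) that replays Apache access-log lines, bans a client after repeated failed probe requests, and drops the ban once bantime has passed. FINDTIME, MAXRETRY, the probe patterns and the function name are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

BANTIME = timedelta(seconds=86400)  # 24 h, the bantime from the answer
FINDTIME = timedelta(minutes=10)    # assumed counting window
MAXRETRY = 3                        # assumed failures before a ban

# Apache common/combined log prefix: client, timestamp, request line, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3})')
# Assumed probe signatures: the unexpanded JS path from the question plus
# common SQL-injection and script-injection fragments.
PROBE = re.compile(r"opts\.iframeSrc|union(?:\s|\+|%20)+select|<script|%3Cscript", re.I)

# Constructed sample log; addresses are from documentation ranges.
SAMPLE = """\
203.0.113.7 - - [01/Mar/2024:10:00:00 +0000] "GET /js/cache/'+opts.iframeSrc+' HTTP/1.1" 404 210
198.51.100.9 - - [01/Mar/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [01/Mar/2024:10:00:10 +0000] "GET /item.php?id=1+union+select+1 HTTP/1.1" 403 199
203.0.113.7 - - [01/Mar/2024:10:00:20 +0000] "GET /js/cache/'+opts.iframeSrc+' HTTP/1.1" 404 210
203.0.113.7 - - [02/Mar/2024:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.9 - - [02/Mar/2024:10:00:21 +0000] "GET /index.html HTTP/1.1" 200 5120
""".splitlines()

def process(lines):
    """Replay log lines; return (ban events, bans still active at the end)."""
    failures, bans, events = defaultdict(deque), {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, request, status = m.groups()
        now = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Drop expired bans first, so the list never grows without bound.
        bans = {b: until for b, until in bans.items() if until > now}
        if ip in bans or not (status[0] == "4" and PROBE.search(request)):
            continue  # already banned, or not a failed probe request
        hits = failures[ip]
        hits.append(now)
        while now - hits[0] > FINDTIME:  # forget failures outside the window
            hits.popleft()
        if len(hits) >= MAXRETRY:
            bans[ip] = now + BANTIME
            events.append((ip, now))
            hits.clear()
    return events, bans

if __name__ == "__main__":
    print(process(SAMPLE))
```

Only failed (4xx) requests that match a probe pattern count toward a ban, so the ordinary visitor in the sample is never listed, and the banned address is released 24 hours after its third failure.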