but - how do I know the IP, what are the programs for monitoring the incoming traffic.
the question was about the behavioral filter, but no one understood it.
Indeed, to find a good and free behavioral filter under Windows - the problem is now.
1. However, there is the scheme of the "mirroring" port on a dedicated machine-the referee for the assessment of traffic and "skips" the signal to lock/unlock the iptables on the server machine (the installation rules connections).
That is, this system will act as a "guard" for Your server.
2. If it is ONLY on OpenServer ports, you can configure the same system on windows, monitors log requests to a web server, analyzing it, and writing specific rules to open or close the accesses.
3. You can do a monitoring on the basis of the prepend_file=... via php.ini that is most convenient to record all requests and then analyze them.The easiest trigger:
1. The IP is from a range of subnets to search engines (or one of their IP)
2. IP is not in Your country
3. Requests to the first 3 m different pages occur at intervals of less than 3 seconds =>you can immediately lock on a selected range of network provider permanent (do not forget the services analysis web pages that You will be probably to use it - they should be in the white list).