Michael Lazin on 17 Aug 2018 13:08:46 -0700



Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...


I used to use this for fail2ban auto reporting:

http://www.blocklist.de/en/index.html

Just be aware it makes server load because it sends mail via Exim to report the attacks to blocklist.de, who in turn report it to the attacking ISPs. I used to work at a large web hosting company and we would get reports from them. I've come to really prefer using SSH key pairs, which AWS and Azure force you to use. Key pairs obviate the need for fail2ban.

Cheers,

Michael

On Fri, Aug 17, 2018 at 3:42 PM, Fred Stluka <fred@bristle.com> wrote:
Linux admins,

As you may have noticed, there's been a massive upswing in hacking
attempts from China in the past couple weeks.  My servers now get
hit an additional hundreds or thousands of times per day.  You may
want to check your logs and beef up your security.

See my recently posted tip:
- Log IP addresses for fail2ban
  http://bristle.com/Tips/Unix.htm#log_ip_addresses_for_fail2ban

It describes a change I had to make to my FTP server to get fail2ban
to properly block attackers who were gaming their own DNS entries.

--Fred
------------------------------------------------------------------------
Fred Stluka -- Bristle Software, Inc. -- http://bristle.com
#DontBeATrump -- Make America Honorable Again!
------------------------------------------------------------------------

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



--
Michael Lazin

to gar auto estin noein te kai ennai