Charlie Li on 17 Aug 2018 13:33:42 -0700
Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
- From: Charlie Li <ml+PLUG@vishwin.info>
- To: plug@lists.phillylinux.org
- Subject: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
- Date: Fri, 17 Aug 2018 16:33:25 -0400
- Openpgp: preference=signencrypt
- Organization: PLUG mailing list
- Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
- User-agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.0
On 17/08/2018 15:42, Fred Stluka wrote:
> As you may have noticed, there's been a massive upswing in hacking
> attempts from China in the past couple weeks. My servers now get
> hit an additional hundreds or thousands of times per day. You may
> want to check your logs and beef up your security.
>
High amounts of cracking attempts from China have been the case for some time.
> See my recently posted tip:
> - Log IP addresses for fail2ban
> http://bristle.com/Tips/Unix.htm#log_ip_addresses_for_fail2ban
>
You don't even need to go through all the trouble of fail2ban. Or even
dissecting fake reverse DNS entries.
rsk on this very mailing list has said multiple times, among other
things, to simply block all of China (and any other country you don't
expect traffic from, really) from initiating connections to your
machines. In fact, the lists at ipdeny.com make that a bit too easy.
--
Charlie "LLD_IS_LD" Li
(This email address is for mailing list use only; replace local-part
with vishwin for off-list communication)
Attachment:
signature.asc
Description: OpenPGP digital signature
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
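
The country-level block suggested in the reply above, sketched as an added example (not code from the post or from ipdeny.com): a per-country CIDR list is filtered and turned into an nftables ruleset that drops only new inbound connections, so replies to connections you initiate still pass. The one-prefix-per-line input format is an assumption, the table and set names are hypothetical, and the sample prefixes are constructed documentation ranges.

```shell
#!/bin/sh
# Added example. Assumption: the zone file has one IPv4 CIDR per line.

# Print only well-formed IPv4 CIDRs from file $1; skip blanks, comments, junk.
valid_cidrs() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        {
            n = split($0, p, "/")
            if (n != 2 || p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) next
            if (split(p[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            print $0
        }' "$1"
}

# Emit a ruleset for `nft -f`. $1 = zone file, $2 = set name (hypothetical).
# The table name "geoblock" is hypothetical as well.
zone_to_nft() {
    local zone=$1 set=${2:-blocked4} elems
    elems=$(valid_cidrs "$zone" | sort -u | paste -sd, -)
    # Refuse to emit an empty set: a failed download must not look like success.
    [ -n "$elems" ] || { echo "no valid prefixes in $zone" >&2; return 1; }
    cat <<EOF
table inet geoblock {
    set $set {
        type ipv4_addr
        flags interval
        auto-merge
        elements = { $elems }
    }
    chain input {
        type filter hook input priority -10; policy accept;
        # Only connection attempts are dropped; established flows are untouched.
        ct state new ip saddr @$set counter drop
    }
}
EOF
}

# Demo on constructed input (documentation ranges, one bad line, one duplicate).
demo_zone=$(mktemp)
printf '%s\n' '# constructed sample' 192.0.2.0/24 203.0.113.0/24 \
    999.1.1.0/24 192.0.2.0/24 > "$demo_zone"
zone_to_nft "$demo_zone" cn4    # review the output, then load it with: nft -f <file>
rm -f "$demo_zone"
```

Validate the generated file with `nft -c -f <file>` before loading it, and confirm your own management address is not inside a listed prefix.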