| Rachel plays Linux on 17 Aug 2018 13:44:31 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban... |
On 17/08/2018 15:42, Fred Stluka wrote:
> As you may have noticed, there's been a massive upswing in hacking
> attempts from China in the past couple weeks. My servers now get
> hit an additional hundreds or thousands of times per day. You may
> want to check your logs and beef up your security.
>
High amounts of cracking attempts from China have been the case for time.
> See my recently posted tip:
> - Log IP addresses for fail2ban
> http://bristle.com/Tips/Unix.htm#log_ip_addresses_for_fail2ban
>
You don't even need to go through all the trouble of fail2ban. Or even
dissecting fake reverse DNS entries.
rsk on this very mailing list has said multiple times, among other
things, to simply block all of China (and any other country you don't
expect traffic from, really) from initiating connections to your
machines. In fact, the lists at ipdeny.com makes that a bit too easy.
--
Charlie "LLD_IS_LD" Li
(This email address is for mailing list use only; replace local-part
with vishwin for off-list communication)
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug