Rachel plays Linux on 17 Aug 2018 16:38:52 -0700



Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...


Maintaining a home firewall and a commercial server are way different. At work I can't simply ban by country, though I can block some entire ISPs.

At home I lock out damn near everything.

On Fri, Aug 17, 2018, 6:44 PM Rich Kulawiec <rsk@gsp.org> wrote:
On Fri, Aug 17, 2018 at 03:42:27PM -0400, Fred Stluka wrote:
> As you may have noticed, there's been a massive upswing in hacking
> attempts from China in the past couple weeks.  My servers now get
> hit an additional hundreds or thousands of times per day.  You may
> want to check your logs and beef up your security.

Why are you allowing network traffic from China to get anywhere near
your servers?  You should have permanently firewalled out the entire
country years ago, using the blocks carefully maintained here:

        Okean - The Goods
        https://www.okean.com/thegoods.html

Drop those into your configuration.  Update once a month.  And stop
fooling around with half-ass measures like fail2ban.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug