Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2b

Rachel plays Linux on 17 Aug 2018 16:38:52 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...

From: Rachel plays Linux <rachelneko@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Date: Fri, 17 Aug 2018 19:38:36 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=A4BfZ00A6Cgov8UegAwb0zQzN8KdpEsB1pVgK8romWs=; b=SxxHSoqpo1TM4VHJBX/LKSrb7hYJp0TkECG5QHGI6D40wDhKQL1wI4oeIp5mkOYVUY vU5OW+XubBGc2njAeW+n8kmne1H65oDCBGoWxU1thGT5ODC/el+GwRZgtFdB5rh86kYW MGZEunW1X35UNFpz9vLTTVIhEr1Nv39oBh0j8LPnxzlNrQS+1gLKvWriuDqZBh4EJDMk hvE3jISHUCT2d5sYG4FjUSbioWek6+NSPWdQEgZB1w6Apk+p4C3vH1upoU65TVECBWHm goe1BO7rFkgJmwVWlYQ81UwqD4J2nG3SviWYAoE+wO67e9qQxftvuj7hk6V5vngq4lNw qCCg==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

Maintaining a home firewall and a commercial server are way different. At work I can't simply ban by county, though I can block some entire ISPs.

At home I lock out damn near everything

On Fri, Aug 17, 2018, 6:44 PM Rich Kulawiec <rsk@gsp.org> wrote:

On Fri, Aug 17, 2018 at 03:42:27PM -0400, Fred Stluka wrote:
> As you may have noticed, there's been a massive upswing in hacking
> attempts from China in the past couple weeks.?? My servers now get
> hit an additional hundreds or thousands of times per day.?? You may
> want to check your logs and beef up your security.

Why are you allowing network traffic from China to get anywhere near
your servers? You should have permanently firewalled out the entire
country years ago, using the blocks carefully maintained here:

Okean - The Goods
https://www.okean.com/thegoods.html

Drop those into your configuration. Update once a month. And stop
fooling around with half-ass measures like fail2ban.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
  - From: Rich Kulawiec <rsk@gsp.org>

References:
- [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
  - From: Fred Stluka <fred@bristle.com>
- Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
  - From: Rich Kulawiec <rsk@gsp.org>

Prev by Date: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Next by Date: Re: [PLUG] Virtualization clusters & shared storage
Previous by thread: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Next by thread: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Index(es):
- Date
- Thread