Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2b

Fred Stluka on 24 Aug 2018 14:20:55 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...

From: Fred Stluka <fred@bristle.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Date: Fri, 24 Aug 2018 17:20:48 -0400
Organization: Bristle Software, Inc.
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

Charlie,

True, China and many others have been trying for years.  My
point is that they're currently trying a LOT harder.  In the past
couple weeks, fail2ban is chasing off about 10 times as many
attempts as it used to.

--Fred
------------------------------------------------------------------------
Fred Stluka -- Bristle Software, Inc. -- http://bristle.com
#DontBeATrump -- Make America Honorable Again!
------------------------------------------------------------------------

On 8/17/18 4:33 PM, Charlie Li wrote:

On 17/08/2018 15:42, Fred Stluka wrote:

As you may have noticed, there's been a massive upswing in hacking
attempts from China in the past couple weeks.  My servers now get
hit an additional hundreds or thousands of times per day.  You may
want to check your logs and beef up your security.

High amounts of cracking attempts from China have been the case for time.

See my recently posted tip:
- Log IP addresses for fail2ban
   http://bristle.com/Tips/Unix.htm#log_ip_addresses_for_fail2ban

You don't even need to go through all the trouble of fail2ban. Or even
dissecting fake reverse DNS entries.

rsk on this very mailing list has said multiple times, among other
things, to simply block all of China (and any other country you don't
expect traffic from, really) from initiating connections to your
machines. In fact, the lists at ipdeny.com makes that a bit too easy.



___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
  - From: Fred Stluka <fred@bristle.com>
- Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
  - From: Charlie Li <ml+PLUG@vishwin.info>

Prev by Date: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Next by Date: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Previous by thread: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Next by thread: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Index(es):
- Date
- Thread