Greg Helledy on 6 Sep 2018 10:57:52 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...


For the past few years I have used ConfigServer's "Security & Firewall" tool. Besides firewalling, it includes a Login Failure Daemon which tracks failed logins and blocks IP addresses--by default at first temporarily, then permanently. I don't have experience with fail2ban but Security & Firewall is easy to use, even for a non-professional: https://www.configserver.com/cp/csf.html

The reports it produces have given me an idea of what countries we get attacked from--by far the most come from the USA, followed by China, India and Vietnam. A few years back, when ISIS was at its peak, we got probed from a long series of sequential IP addresses in Iraq. That's when I enabled the blacklisting of IP blocks, and banned all IPs from Iraq and Libya.

--
Greg Helledy
GRA, Incorporated
P:  +1 215-884-7500
F:  +1 215-884-1385
www.gra.aero
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug