Greg Helledy on 6 Sep 2018 10:57:52 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...

For the past few years I have used ConfigServer's "Security & Firewall" tool. Besides firewalling, it includes a Login Failure Daemon which tracks failed logins and blocks IP addresses--by default at first temporarily, then permanently. I don't have experience with fail2ban but Security & Firewall is easy to use, even for a non-professional:

The reports it produces have given me an idea of what countries we get attacked from--by far the most come from the USA, followed by China, India and Vietnam. A few years back, when ISIS was at its peak, we got probed from a long series of sequential IP addresses in Iraq. That's when I enabled the blacklisting of IP blocks, and banned all IPs from Iraq and Libya.

Greg Helledy
GRA, Incorporated
P:  +1 215-884-7500
F:  +1 215-884-1385
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --