Greg Helledy on 6 Sep 2018 10:57:52 -0700
Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
- From: Greg Helledy <gregsonh@gra-inc.com>
- To: plug@lists.phillylinux.org
- Subject: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
- Date: Thu, 6 Sep 2018 13:57:50 -0400
- Organization: GRA, Incorporated
- Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
- User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
For the past few years I have used ConfigServer's "Security & Firewall"
tool. Besides firewalling, it includes a Login Failure Daemon which
tracks failed logins and blocks IP addresses--by default at first
temporarily, then permanently. I don't have experience with fail2ban
but Security & Firewall is easy to use, even for a non-professional:
https://www.configserver.com/cp/csf.html

The reports it produces have given me an idea of what countries we get
attacked from--by far the most come from the USA, followed by China,
India and Vietnam. A few years back, when ISIS was at its peak, we got
probed from a long series of sequential IP addresses in Iraq. That's
when I enabled the blacklisting of IP blocks, and banned all IPs from
Iraq and Libya.
--
Greg Helledy
GRA, Incorporated
P: +1 215-884-7500
F: +1 215-884-1385
www.gra.aero
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug