Ron Nascimento via plug on 17 Mar 2021 13:34:43 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Web Ass Pfirewall

Have you looked at fail2ban?

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs
that show the malicious signs -- too many password failures, seeking
for exploits, etc. Generally Fail2Ban is then used to update firewall
rules to reject the IP addresses for a specified amount of time,
although any arbitrary other action (e.g. sending an email) could also
be configured. Out of the box Fail2Ban comes with filters for various
services (apache, courier, ssh, etc).

On Wed, 2021-03-17 at 16:29 -0400, Ron Mansolino via plug wrote:
> I have a vps that I don't do too much with, essentially a dev server.
> Because it sits out on the net it logs an unwieldy number of 
> intrusion attempts and nosey infogathering requests.
> I've been manually filtering these with iptables, but that isn't
> scaling well (and it's impossible to block cloud services that
> continually allocate new netblocks). I'd like to block all of AWS,
> GCP, etc, but it's like playing whack-a-mole. I could use some
> suggestions for a WAF that I won't eventually have to pay for.
> also, did the posting rules change here? I don't check here often,
> and things aren't working as I expect them to.
> _____________________________________________________________________
> ______
> Philadelphia Linux Users Group         --       
> Announcements -
> General Discussion  --  

Attachment: signature.asc
Description: This is a digitally signed message part

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --