On Wed, May 22, 2019 at 12:14 PM Mike <t...@rohms.com> wrote:
>
>
> Aside from the other recommended advise, I would suggest if possible,
> move your ssh to a non-standard port. This will block a ton of
> script kiddies.
>
Also, if you can (and have not already done), disable password
authentication.
>
> >On 22-05-19 12:12, Steven Barthen via Fail2ban-users wrote:
> >>Hello
> >>I'm using fail2ban with shorewall to get rid some nasty scanners.
> >>As the amount is getting worse, I increased the time for my bans on
> >>SSHD to 7 days as I recently got 1400+ connections a day and I
> >>wanted it to stop.
> >>But I experienced that even with that 7 days ban, the keep
> >>connecting every ~ 10min.
> >>Still ending up with 30-40 connections per IP.
> >>So I cleaned my jail.local an only kept default, sshd and the
> >>issues stay same.
> >>Im using "shorewall" as banaction, and it works well for the most part.
> >>I can use "shorewall show dynamic" to see all the IP that are
> >>banned ending up there.
> >>BUT after some time, ~9min the ban just disappears from "shorewall
> >>show dynamic" list. And the fail2ban doesnt show an "unban" event.
> >>Shortly after that the IP connects, is detected and banned again.
> >>I manually added IP's to the shorewall banlist and I can say that
> >>they don't disappear the same way the fail2ban IP's do.
> >>so for examle this list with custom and fail2ban IP's
> >>Chain dynamic (5 references)
>
>
>
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
