I found ssh attacks to be incessant and unrelenting. I ended up just changing 
the default ssh port to some five digit unused port.

If that is an option for you, I would highly recommend it, as it has worked 
great for me.

On June 2, 2019 5:05:00 PM GMT+02:00, Kenneth Porter <sh...@sewingwitch.com> 
wrote:
>I've noticed that almost all the ssh attacks on my hosts are against 
>usernames not remotely similar to legitimate users on my machine. 
>They're mostly service names or the names of admin logins for routers.
>
>Is there some way to look for just those attempts, perhaps based on a 
>list of commonly-attacked usernames, and instantly ban them without 
>waiting for retries? The logic I'd need is something that matches the 
>username against a list, perhaps loaded from a file.
>
>_______________________________________________
>Fail2ban-users mailing list
>Fail2ban-users@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/fail2ban-users

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
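
The username-list matching asked about in the quoted question, as an added example that is not part of this thread or of fail2ban: it scans sshd log lines and returns the source addresses to ban on the first attempt. The username list, log lines and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of commonly attacked names; in practice load one per line from a file.
BAD_USERS = {"admin", "ubnt", "pi", "oracle", "postgres", "support"}

# Greedy user group plus end anchor: the address is taken from the LAST
# " from <addr> port <n>", so a crafted username that itself contains
# " from 192.0.2.1 port 1" cannot redirect the ban to another host.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: (?:Failed password for invalid user|Invalid user) "
    r"(?P<user>.*) from (?P<ip>\S+) port \d+(?: ssh2)?$"
)

def load_usernames(lines):
    """Parse a list file: one name per line, blanks and '#' comments ignored."""
    return {ln.strip().lower() for ln in lines
            if ln.strip() and not ln.lstrip().startswith("#")}

def instant_bans(log_lines, bad_users=BAD_USERS, ignore=()):
    """Return addresses to ban on first attempt, in order of first appearance."""
    ignored = [ipaddress.ip_network(n) for n in ignore]
    bans = []
    for line in log_lines:
        m = INVALID_USER.search(line.rstrip())
        # Names are compared case-insensitively (a choice made for this example).
        if not m or m.group("user").lower() not in bad_users:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a literal address; skip rather than guess
        if any(ip in net for net in ignored) or str(ip) in bans:
            continue
        bans.append(str(ip))
    return bans

# Constructed log lines using documentation address ranges.
SAMPLE_LOG = [
    "Jun  2 17:01:10 host sshd[1201]: Invalid user ubnt from 203.0.113.7 port 40112",
    "Jun  2 17:01:12 host sshd[1201]: Failed password for invalid user ubnt from 203.0.113.7 port 40112 ssh2",
    "Jun  2 17:02:30 host sshd[1210]: Invalid user jsmtih from 198.51.100.20 port 51800",
    "Jun  2 17:03:05 host sshd[1215]: Invalid user admin from 192.0.2.1 port 1 from 203.0.113.99 port 40500",
    "Jun  2 17:04:44 host sshd[1220]: Invalid user pi from 198.51.100.33 port 42210",
]

if __name__ == "__main__":
    print(instant_bans(SAMPLE_LOG, ignore=["198.51.100.32/28"]))
```

The mistyped name `jsmtih` is not on the list, so that address is left to the normal retry threshold instead of being banned at once.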