The attackers I see are persistent. When the ban expires, they continue
their attack.
I would like to have an escalating ban time for repeat offenders.
Another factor that could play into it is the number of attacking hosts
from the same ISP. Having the ban time be a bit of python code instead
of an integer would allow flexible methods for determining ban time.
Yet another factor could be the history of attack from an ISP. Bad ISPs
would be banned longer. Any thoughts on this?
Today I see 19 hosts from:
GB 45.13.39.0/24
HK 45.125.65.0/24
IE 185.234.216.0/24
IE 185.234.218.0/24
LT 141.98.10.0/24
LT 185.36.81.0/24
NL 185.137.111.0/24
NL 185.222.209.0/24
No Chinese today. Usually they are predominate.
Thanks,
Andy
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
