It would be nice to have some kind of shared
attack list we could use, like DNSRBL.
The attackers I see are persistent. When the ban
expires, they continue their attack.
I would like to have an escalating ban time for
repeat offenders. Another factor that could play
into it is the number of attacking hosts from
the same ISP. Having the ban time be a bit of
python code instead of an integer would allow
flexible methods for determining ban time. Yet
another factor could be the history of attack
from an ISP. Bad ISPs would be banned longer. Any thoughts on this?
Today I see 19 hosts from:
GB 45.13.39.0/24
HK 45.125.65.0/24
IE 185.234.216.0/24
IE 185.234.218.0/24
LT 141.98.10.0/24
LT 185.36.81.0/24
NL 185.137.111.0/24
NL 185.222.209.0/24
No Chinese today. Usually they are predominate.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users