* Mike <t...@rohms.com> [06-04-19 16:47]: > > It would be nice to have some kind of shared attack list we could use, like > DNSRBL. > > > The attackers I see are persistent. When the ban expires, they continue > > their attack. > > > > I would like to have an escalating ban time for repeat offenders. > > Another factor that could play into it is the number of attacking hosts > > from the same ISP. Having the ban time be a bit of python code instead > > of an integer would allow flexible methods for determining ban time. > > Yet another factor could be the history of attack from an ISP. Bad ISPs > > would be banned longer. Any thoughts on this? > > > > Today I see 19 hosts from: > > > > GB 45.13.39.0/24 > > HK 45.125.65.0/24 > > IE 185.234.216.0/24 > > IE 185.234.218.0/24 > > LT 141.98.10.0/24 > > LT 185.36.81.0/24 > > NL 185.137.111.0/24 > > NL 185.222.209.0/24 > > > > No Chinese today. Usually they are predominate. >
here is my list banned for ssh/postfix/relay/http/etc http://wahoo.no-ip.org/~paka/ipset.blacklist.txt -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
