I posted last month about a project I've been working on that I want to share with the F2B community. This is a set of companion scripts that work as an additional protective layer in harmony with F2B doing some wholesale blacklisting of selected ports.
https://github.com/DPsystems/Login-Shield I'm really seeing some pretty impressive results. For example, here are the stats from the last 10 days using my scripts: >From Nov 17 3:32:03 to Nov 27 10:10:01 Period: 10 days # attacks: 62 # attacks blocked: 7981 Total attacks: 8043 # attacks/day: 804 % of attacks blocked by login-shield: 99.23% I'm seeing anywhere from 93% to 99% effectiveness. The vast majority of system probes are being stopped cold. F2B takes care of the rest. If you're looking for an extra layer of protection for login ports, consider these blacklist/scripts - I welcome any feedback and comments. I'm now working on another set of scripts to handle web probes - blacklisting known VPN and proxy systems that are trying to run cross-scripting attacks. DP
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
