I have observed this behaviour on my cPanel shared server. In the beginning this issue seemed to be rather problematic, but permanently banning the IPs has really brought down the number of attacks on my server from when I started with it.
In terms of your last question I am not sure to be fair.

-----Original Message-----
From: Gary R. Schmidt <[email protected]>
Sent: 16 June 2020 09:55
To: [email protected]
Subject: [Fail2ban-users] Use of rolling /24 addresses

Has anyone else noticed the use of rolling /24 IP addresses to avoid fail2ban being triggered?

In reviewing my logs I noticed that I was getting a bunch of attempts from 5.188.211.{14,15,16,17,...}, spread out over a long enough interval that fail2ban did not see them as a bad actor.

Has anyone else seen the same? And is there a way to help fail2ban recognise attempts from the same set of Class C addresses?

Cheers,
Gary B-)

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
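
An added example, not part of the thread and not fail2ban code: a log check that counts failed logins per /24 instead of per address, which is the grouping the question asks about. The log lines are constructed, and the names `max_retry` and `find_seconds` are this example's own parameters.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sshd-style sample lines; the 5.188.211.x pattern follows the post.
SAMPLE_LOG = """\
2020-06-16 01:00:05 sshd[101]: Failed password for root from 5.188.211.14 port 40100 ssh2
2020-06-16 01:40:12 sshd[102]: Failed password for admin from 5.188.211.15 port 40101 ssh2
2020-06-16 02:20:30 sshd[103]: Failed password for root from 5.188.211.16 port 40102 ssh2
2020-06-16 02:25:00 sshd[104]: Failed password for bob from 198.51.100.7 port 40103 ssh2
2020-06-16 03:00:44 sshd[105]: Failed password for test from 5.188.211.17 port 40104 ssh2
2020-06-16 03:41:09 sshd[106]: Failed password for root from 5.188.211.14 port 40105 ssh2
"""

LINE_RE = re.compile(r"^(\S+ \S+) .*Failed password for .* from (\d+\.\d+\.\d+\.\d+) ")

def parse(log_text):
    """Yield (timestamp, address) for each failed-login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, ipaddress.ip_address(m.group(2))

def per_ip_counts(log_text):
    """Failures per single address: what a per-IP counter sees."""
    return Counter(str(ip) for _, ip in parse(log_text))

def rolling_subnets(log_text, prefix=24, max_retry=4, find_seconds=6 * 3600):
    """Return {subnet: hosts} for subnets with >= max_retry failures inside
    any find_seconds window, counted across all hosts in the subnet."""
    by_net = defaultdict(list)
    for ts, ip in parse(log_text):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net[str(net)].append((ts, str(ip)))
    flagged = {}
    for net, events in by_net.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= find_seconds.
            while (events[end][0] - events[start][0]).total_seconds() > find_seconds:
                start += 1
            if end - start + 1 >= max_retry:
                flagged[net] = sorted({ip for _, ip in events[start:end + 1]})
                break
    return flagged

if __name__ == "__main__":
    print("per-IP:", dict(per_ip_counts(SAMPLE_LOG)))
    print("per-/24:", rolling_subnets(SAMPLE_LOG))
```

On the sample, no single address exceeds two failures, while the /24 as a whole reaches the threshold within the window.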
