On Mon, March 14, 2022 11:14 am, Anna “CyberTailor” via Fail2ban-users
wrote:
> On 2022-03-14 10:48, Harold Hallikainen via Fail2ban-users wrote:
>> Sorry if this is an old question or one with an obvious solution. I have
>> been using fail2ban for quite a while and really like it! But, in
>> reviewing logs, I see hundreds of ssh login attempts each day where there
>> is only one attempt per IP address. I suspect this is a bot net and would
>> like to ban them. Is there a command line method of telling fail2ban to
>> ban ALL failures (not just multiple) in the past day (or other period)?
>
> Fail2ban can't protect from such botnets.
>
> https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html
>

Thanks! Great article. I was hoping that I could occasionally run a
command that would block every IP login failure currently in the log. I
guess the issues might be that the list in IP tables would get very large
and that even then, it would be a very small portion of the botnet that is
trying to break in. Are those indeed the issues? If so, I guess I'll scan
through hundreds of login failures in the logs every day.

Thanks!

Harold


-- 
FCC Rules Updated Daily at http://www.hallikainen.com
Not sent from an iPhone.
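
The daily log review described in the message above can be scripted. This is an added example, not part of the original post or of fail2ban's own code: it counts failed sshd logins per source address over the past day, lists the addresses that stayed below the ban threshold, and renders (without running) a `fail2ban-client set <jail> banip <ip>` command for each. The log lines are constructed samples; the OpenSSH syslog format, the jail name `sshd` and the `maxretry=5` threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Mar 14 03:10:01 host sshd[1001]: Failed password for root from 192.0.2.10 port 40022 ssh2
Mar 14 03:10:05 host sshd[1001]: Failed password for root from 192.0.2.10 port 40022 ssh2
Mar 14 03:10:09 host sshd[1001]: Failed password for root from 192.0.2.10 port 40022 ssh2
Mar 14 04:22:17 host sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
Mar 14 05:01:44 host sshd[1003]: Failed password for invalid user test from 203.0.113.55 port 39210 ssh2
Mar 14 06:30:00 host sshd[1004]: Accepted publickey for harold from 203.0.113.200 port 50000 ssh2
Mar 12 23:59:59 host sshd[0999]: Failed password for root from 198.51.100.99 port 2222 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def failures_per_ip(log_text, now, window=timedelta(days=1)):
    """Count failed-password lines per source IP inside the look-back window."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; assume the year of `now`.
        ts = datetime.strptime(f"{now.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if now - window <= ts <= now:
            counts[m.group(2)] += 1
    return counts

def below_threshold(counts, maxretry=5):
    """IPs that failed at least once but never reached maxretry (assumed value)."""
    return sorted(ip for ip, n in counts.items() if n < maxretry)

def ban_commands(ips, jail="sshd"):
    """Render (not run) one manual-ban command per address; jail name is assumed."""
    return [f"fail2ban-client set {jail} banip {ip}" for ip in ips]

if __name__ == "__main__":
    now = datetime(2022, 3, 14, 11, 14)  # constructed "current time" for the sample
    counts = failures_per_ip(SAMPLE_LOG, now)
    print(f"{len(counts)} source IPs, {sum(counts.values())} failures in window")
    for cmd in ban_commands(below_threshold(counts)):
        print(cmd)
```

Run against a real log, the length of the `below_threshold` list is the number of entries a blanket ban would add to the firewall per day.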

