I've been testing a new system by the developers of login-shield,
called "web-shield", that may be of interest to people here.

For those who aren't familiar, these are two free shell-based
utilities for Linux that implement filtering of certain ports for
well-known IP space that harbors nefarious activity.

https://github.com/DPsystems/login-shield
https://github.com/DPsystems/web-shield

Login-shield protects standard login ports from specific blocks of IP
space (doesn't interfere with mail or web). It uses the same
facility as Fail2Ban (ipset), but instead of blocking individual IP
addresses like F2B (which can take up a lot of memory), it uses CIDR
blocks. It has reduced Fail2Ban-triggered traffic on my servers by
95+% with no false positives... pretty impressive.

Now they have another version of this tech designed to protect web
services from system probes and hacks. It's called "Web-shield" and
it's a similar blocklist of mainly hosting companies and VPNs. The
premise is: there should not be any automated traffic hitting your
server - just organic humans (aside from well-known spiders). (If
you have a need for VPN people to access your server, this probably
isn't the best tool, but in my experience, 99% of most VPN traffic is
hostile bots.)

What this ends up doing is stopping a huge amount of script kiddies,
system probes, form submission scripts, and other automated
systems. Check it out if you're looking to bulletproof your server:
https://github.com/DPsystems/web-shield
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
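
One way to check a CIDR blocklist of this kind against your own data before loading it into ipset, as an added example (not code from login-shield, web-shield or Fail2Ban): it collapses the CIDR entries, then reports how many addresses Fail2Ban already banned fall inside them and whether any known-good login address would be dropped. The function names are hypothetical and all addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not taken from either project.
BLOCKLIST = ["198.51.100.0/24", "203.0.113.0/25", "203.0.113.128/25",
             "192.0.2.64/26  # constructed hosting range"]
BANNED = ["198.51.100.7", "198.51.100.200", "203.0.113.9",
          "203.0.113.250", "192.0.2.10"]   # e.g. addresses Fail2Ban has banned
LEGIT = ["192.0.2.70", "192.0.2.200"]      # e.g. admins' known login addresses


def load_networks(lines):
    """Parse CIDR lines (comments allowed) and merge adjacent/overlapping blocks."""
    nets = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    # collapse_addresses() needs a single IP version per call.
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def covered(ip, networks):
    """True if the address falls inside any blocklisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)


def evaluate(blocklist, banned, legit):
    """Compare CIDR set size, coverage of past bans, and false positives."""
    nets = load_networks(blocklist)
    hits = [ip for ip in banned if covered(ip, nets)]
    return {
        "set_entries": len(nets),           # entries a hash:net set would hold
        "banned_total": len(banned),        # entries a per-IP set would hold
        "banned_covered": len(hits),
        "coverage": len(hits) / len(banned) if banned else 0.0,
        "false_positives": [ip for ip in legit if covered(ip, nets)],
    }


if __name__ == "__main__":
    for key, value in evaluate(BLOCKLIST, BANNED, LEGIT).items():
        print(f"{key}: {value}")
```

A non-empty `false_positives` list means the blocklist would lock out an address you rely on, so that range needs an exception before the set is applied.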