I have a non-public web server that's getting Let's Encrypt certificates. I
wrote
a PHP program to lookup the Let's Encrypt addresses and add them to a
ipset. My firewall (I'm using Shorewall) does an ACCEPT for port 80 on
anything in the ipset.
I'm attaching the email from the Shorewall
--On Monday, June 03, 2019 4:23 PM -0400 Terry Carmen
wrote:
I run ssh through a VPN tunnel, so the attempts never show up
I had been banning them, however it ended up turning into a problem
because my drop rules list was getting huge and causing a performance
problem.
How many probes do
I run ssh through a VPN tunnel, so the attempts never show up
I had been banning them, however it ended up turning into a problem because my
drop rules list was getting huge and causing a performance problem.
On June 3, 2019 2:54:57 PM EDT, "Preston, Douglas via Fail2ban-users"
wrote:
>I
I require keys for ssh, any invalid password attempt gets banned after 1
try.
On 6/2/2019 8:05 AM, Kenneth Porter wrote:
I've noticed that almost all the ssh attacks on my hosts are against
usernames not remotely similar to legitimate users on my machine.
They're mostly service names or the
I found ssh attacks to be incessant ans unrelenting. I ended up just changing
the default port ssh port to some five digit unused port.
If that is an option for you, I would highly recommend it, as it has worked
great for me.
On June 2, 2019 5:05:00 PM GMT+02:00, Kenneth Porter
wrote:
>I've
Hello Kenneth,
My answer is kind-of off-topic (not Fail2ban), but you may be interested
nonetheless.
I wrote, and published as free software, a log peruser (named Pyruse),
that can replace Fail2ban. With Pyruse, what you describe is easy.
Of course, I’ll let you make your own mind, based
I've noticed that almost all the ssh attacks on my hosts are against
usernames not remotely similar to legitimate users on my machine.
They're mostly service names or the names of admin logins for routers.
Is there some way to look for just those attempts, perhaps based on a
list of