Please note this is meant to be more fun than serious security advice
Contributing to TLDR Pages has introduced me to tons of interesting and usef...
I run fail2ban on any internet-facing systems I'm responsible for. This article made me curious, so I did a quick scan of my failed logins log (on my personal VPS). Results are pretty grim:
logrotate had rotated the log earlier today ...so the following numbers are < 24 hours
tr to convert them all to lowercase then ran that list through uniq)
ssh service, specifically)
The fail2ban stuff gets even more grim when extended to SMTP
+1 for fail2ban! Works like a charm. I've added ip-set to it lately and this has helped to reduce load significantly.
Yeah. ip-set rules are great for ensuring across-boot persistence, too.
One of these days, I'll get around to integrating my deployment-configuration with a "phone home" hook that informs the configuration service, "when re-provisioning this host or provisioning new hosts, blacklist these IPs".
Thank you @bhilburn for the kind words and everyone for the warm reception!
Looks like mapbox is down for now.. :/
Unfortunately, as a consultant, I initiate connections from a wide variety of locations. Some of those locations block "weird" ports. So, moving to a non-default port is generally not an option for me.