Collaborate Disseminate
Please note, I’m looking more for established documented best-practice rather than personal opinion in this question. I’m also not interested in Fail2Ban specifically but the class of technologies that Fail2Ban is a member of.
Fail2Ban et … Continue reading How does fail2ban et al deal with the IP neighbourhood of badly behaving IPs?
The uTorrent client was recently updated to fix a null pointer dereference (CVE-2020-8437), discovered by [whtaguy]. Triggering the dereference simply crashes the client — so far an actual RCE hasn’t been found. Given the nature of the null pointer dereference, it’s possible this bug is limited to denial of service. …read more
Apps such as Fail2ban and DenyHosts enable unix administrators to limit username/password combo attempts to typically 3 attempts. But why 3? Some admins enable more, like 6 or 8 giving honest users a little more slack when making different… Continue reading Limiting number of combo attempts with Fail2ban and 128 bits of entropy
I know what fail2ban does; it monitors the firewall logs and finds ip addresses that have too many failed logins to ssh; and then tells the firewall to drop packets from those addresses.
So is fail2ban an IPS?
Continue reading Is fail2ban an intrusion prevention system?
Is there any advantage to me installing fail2ban on my VPS web server? As far as I understood, fail2ban’s only purpose is to stop bruteforce and dictionary attacks by preventing consecutive password logins from the same IP addresses.
If I… Continue reading Do I need fail2ban if I have a strong password?
My server currrently has very strict fail2ban rules, which permanently and persistently ban any ip that fails to login once on all ports.
This might seem overkill, but most ports are “private” ports (meaning only I should acc… Continue reading Fail2ban: Ban ip on all ports exept HTTP[S] (or group of ports)
I know that fail2ban is mostly used for blocking IPs trying to brute force an SSH endpoint and other stuff like that.
However, I am wondering if you could also use fail2ban to detect (not necessarily prevent) suspicious acti… Continue reading Using fail2ban for detecting suspicious activity whitin a webserver
I installed fail2ban on my VPS and there is a lot of activity (a lot of bans).
I’m worried about search engine bots as my server contains websites.
I am about to apply some custom scripts to not block at least Google Bot, bu… Continue reading Does fail2ban take in consideration search engine bots?
I am implementing a home alarm system with raspberry and I need to access it from the external network. The initial idea was to use cascade VPN and ssh (in my university to connect to the cluster I had to first connect to the… Continue reading Access from external network safely to raspberry
I have new web server running nginx. The default server is receiving 10K+ requests every day from Russian bots. They are clearly probing for something, but it’s hard to say what since the requests are partially hex encoded…. Continue reading Block hex encoded requests using fail2ban