Honestly I never bothered to look them up, they are asshats trying to break in and and I just banned them if they had 3 failed login attempts in 30 days. Because I have a long look back time I found the sqlite db to be unstable so I use postgresql for the fail2ban back end and I just pull the data from there. Now days I take a different approach and block all the IP's I can find from China, Nigeria & South Africa, that knocked out about 80% of the asshats. Everyone else gets the 3 attempts in 30 days. Although it might me a good idea to see which of those belong to mobile providers and lift those bans about 90 days in the future.
On Wed, 2020-04-01 at 15:41 -0700, Kenneth Porter wrote: > --On Wednesday, April 01, 2020 6:25 PM -0500 Harrison Johnson > <hjohnson...@cox.net> wrote: > > > I have used a concky to put data right on my desktop from the > > postgre > > server. > > That's nice for the display part. I'm thinking about what to put in > the > fail2ban action (ie. to replace action_mwl). A script that would add > entries to a DB and a systemd timer (or crontab) script that > composes > reports. The whois stuff could also be done offline instead of > within > fail2ban. > > > > _______________________________________________ > Fail2ban-users mailing list > Fail2ban-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
