On 7/8/20 3:29 PM, Mike wrote:
As an aside, instead of using a recidive jail, I've been using a more
permanent ban of login ports using this system
https://github.com/dpsystems/login-shield
This also includes logging of banned connections and some analysis
reports.
That is an original/unusual approach... The software seems to be merely
a list of IP ranges that get blocked with iptables. I figure the list of
IPs need to be updated somehow via git update ? this also means the list
is updated by the (sole) maintainer ? also via git ?
A more usual approach is to have a client/server architecture where each
client that detects an offending IP uploads it to the server. All other
clients will then recieve the new IP and add it to their block list
(even if it hasn't tried to break in yet), sort of how some antivirus
and some spam detection software work.
Yassine.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
