> On 05 Mar 2019, at 10:00, Dominic Raferd <
>> Fail2ban is (as you know) a way to tackle it.
LuKreme wrote:
> At 1000 connections a day I don’t think fail2ban or sshguard or whatever
> is going to save you anything at all.
On Wed, 6 Mar 2019 at 03:51, Mayhem <mayhe...@gmail.com> wrote:
Oh, I was getting a lot more than 1000 per day - just one IP address was
doing 1,000 requests every 8 hours.
As a test only, I set up fail2ban at 3PM so that any IP that is on a DNSBL
and attempts to connect twice in a 15 min period gets a 12 hour timeout. By
5PM, only 9 IP addresses made it on the ban list.
Having those 9 IP addresses banned, I've only had 6 connections total from
spambots in the last 2 hours. It's an unbelievable difference. I had to send
myself test mail just to be sure the mail server was still working.
So it's only a handful of IPs causing all the "issues".
On 06.03.19 06:47, Dominic Raferd wrote:
Have you considered using abuseipdb? It provides mechanisms (including
via fail2ban) for uploading bad IPs as well as for downloading, so you
might be helping the rest of us too. I download their list 3x per day
and apply it to incoming mail before any DNSBL lookups. It doesn't
pick up much, but every little helps.

Looking at it now, I got error 522 between Cloudflare and abuseipdb reported :)
And it looks like just another blacklist.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
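
The test policy quoted in the thread above (an IP that is on a DNSBL and connects twice in a 15 minute period gets a 12 hour timeout), replayed over mail-log lines as an added example; it is not part of the original thread and not fail2ban's own code. The Postfix reject-line shape, the `dnsbl.example` zone, the host name `mx` and the sample lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Policy from the thread: 2 DNSBL-listed connects within 15 min -> 12 h ban.
MAX_HITS, FIND_TIME, BAN_TIME = 2, timedelta(minutes=15), timedelta(hours=12)

# Assumed shape of a Postfix DNSBL rejection; adjust to your own mail log.
DNSBL_REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: "
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: .* blocked using \S+?;")

# Constructed sample log (documentation address ranges, not real traffic).
LINE = ("{ts} mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
        "554 5.7.1 Service unavailable; Client host [{ip}] blocked using "
        "dnsbl.example; listed")
SAMPLE = [LINE.format(ts=t, ip=i) for t, i in [
    ("Mar  5 15:01:10", "203.0.113.7"),
    ("Mar  5 15:02:00", "198.51.100.20"),
    ("Mar  5 15:09:40", "203.0.113.7"),    # 2nd hit inside 15 min -> ban
    ("Mar  5 15:30:00", "203.0.113.7"),    # arrives during the ban
    ("Mar  5 15:40:00", "198.51.100.20"),  # 38 min after 1st hit -> no ban
    ("Mar  5 22:00:00", "203.0.113.7"),    # still banned
    ("Mar  6 03:30:00", "203.0.113.7"),    # ban expired, counting restarts
]] + ["Mar  6 03:31:00 mx postfix/smtpd[101]: connect from unknown[192.0.2.9]"]

def scan(lines, year=2019):
    """Return (bans, blocked): bans is [(ip, start, end)], blocked counts
    DNSBL-listed attempts that arrived while the sender was banned."""
    hits, banned_until, bans, blocked = {}, {}, [], 0
    for line in lines:
        m = DNSBL_REJECT.match(line)
        if not m:
            continue  # not a DNSBL rejection, ignored by this policy
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if banned_until.get(ip, ts) > ts:
            blocked += 1  # a firewall ban would drop this before Postfix
            continue
        recent = [t for t in hits.get(ip, []) if ts - t <= FIND_TIME] + [ts]
        hits[ip] = recent
        if len(recent) >= MAX_HITS:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
            hits[ip] = []  # start counting afresh once the ban ends
    return bans, blocked
```

Running `scan` over a day of your own log before enabling such a ban shows how many addresses it would catch and how many connections those addresses account for.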