Indeed. I used to fail2ban ssh attempts from other than my home ip 'one' address. I had over 100 countries hitting me, with the vast majority the usual APT countries we've all read about. That said, geoip fencing is an inexact science and it's not that hard to make it look like a different source address.
I only let in US+CA+AU to my website due to too many attacks, by adding geoip fencing to nginx which is pretty easy to set up. I also have a custom fail2ban to ban anybody trying to look for php/wordpress stuff as that's a big attack vector by the bots and script kiddies attacking websites. I've locked myself out of my AWS box a couple times via messing up fail2ban blocks of ssh incoming, requiring me to just nuke+rebuild it, so I probably need another solution there. Thinking of just permitting my LAN ip there once again, if I can come up with a second path in just-in-case. Maybe I'll try WireGuard there and let my home box tunnel into the cloud VM. Maybe. I'll have to think about it some more. It's an arms race and it's tiring even needing to fight it...