On Mon, Sep 29, 2014 at 8:53 AM, William Lewis <kg6baj(a)n1oes.org> wrote:
> Having a back-end script that monitors hacking attempts and then just
> automatically bans IPs and networks that allow hackers seems to be pretty
> efficient for my needs. It may not be for everyone, though.

I do this with a program called fail2ban. You configure it to watch
log files for authentication failures or other suspicious activity. It
then blocks the suspicious source IP in iptables for the configured
period of time. When the time expires, the IP is unbanned, so false
positives or new users of an IP address aren't adversely affected.
I get many bans per day and don't put much energy into monitoring or
reporting them.
Tom KD7LXL
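
A simplified model of the watch, ban and unban cycle described in the message above, as an added example that is not part of the original message and is not fail2ban's own code. The log lines, addresses and the `BanTracker` class are constructed for illustration, with thresholds modeled on fail2ban's `maxretry`, `findtime` and `bantime` settings.

```python
import re
from collections import defaultdict, deque

# Constructed sshd-style log lines as (epoch seconds, message). The addresses
# come from the RFC 5737 documentation ranges; none are real hosts.
SAMPLE_LOG = [
    (0,   "sshd[811]: Failed password for root from 203.0.113.7 port 4021 ssh2"),
    (20,  "sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2"),
    (25,  "sshd[813]: Failed password for tom from 198.51.100.9 port 5100 ssh2"),
    (40,  "sshd[814]: Failed password for root from 203.0.113.7 port 4023 ssh2"),
    (50,  "sshd[815]: Accepted password for tom from 198.51.100.9 port 5101 ssh2"),
    (700, "sshd[816]: Failed password for root from 203.0.113.7 port 4024 ssh2"),
]
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+)")

class BanTracker:
    """Hypothetical model: ban an IP after max_retry failures within find_time seconds."""
    def __init__(self, max_retry=3, find_time=600, ban_time=600):
        self.max_retry, self.find_time, self.ban_time = max_retry, find_time, ban_time
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned_until = {}               # ip -> time at which the ban expires
        self.actions = []                    # (time, "ban" or "unban", ip)

    def expire(self, now):
        """Lift bans whose time has run out, so the address can connect again."""
        for ip, until in sorted(self.banned_until.items()):
            if until <= now:
                del self.banned_until[ip]
                self.actions.append((until, "unban", ip))

    def feed(self, now, line):
        self.expire(now)
        m = FAIL_RE.search(line)
        if not m or m.group(1) in self.banned_until:
            return
        ip, window = m.group(1), self.failures[m.group(1)]
        window.append(now)
        while window and window[0] <= now - self.find_time:
            window.popleft()                 # forget failures outside the window
        if len(window) >= self.max_retry:
            self.banned_until[ip] = now + self.ban_time
            window.clear()
            self.actions.append((now, "ban", ip))  # a real tool adds a firewall rule here

def replay(log=SAMPLE_LOG, **kw):
    tracker = BanTracker(**kw)
    for ts, line in log:
        tracker.feed(ts, line)
    return tracker
```

The address with a single failure followed by a successful login is never banned, and the banned address is released once the ban time has passed.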