On Mon, Sep 29, 2014 at 8:53 AM, William Lewis kg6baj@n1oes.org wrote:
Having a back-end script that monitors hacking attempts and then just automatically bans IPs and networks that allow hackers seems to be pretty efficient for my needs. It may not be for everyone, though.
I do this with a program called fail2ban. You configure it to watch log files for authentication failures or other suspicious activity. It then blocks the suspicious source IP in iptables for the configured period of time. When the time expires, the IP is unbanned, so false positives or new users of an IP address aren't adversely affected.
I get many bans per day and don't put much energy into monitoring or reporting them.
Tom KD7LXL
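The ban-and-expire behaviour described in the message above, sketched as an added example that is not part of the original message and is not fail2ban's own code. The parameter names follow fail2ban's `maxretry`, `findtime` and `bantime` options; the log lines, addresses and the `simulate` function are constructed for illustration, and the model only records the ban and unban actions instead of touching iptables.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Sep 29 08:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Sep 29 08:00:05 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Sep 29 08:00:09 host sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
Sep 29 08:02:00 host sshd[104]: Failed password for alice from 198.51.100.20 port 5001 ssh2
Sep 29 08:02:30 host sshd[105]: Accepted password for alice from 198.51.100.20 port 5002 ssh2
Sep 29 08:15:00 host sshd[106]: Accepted password for bob from 192.0.2.44 port 6001 ssh2
"""

STAMP_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")
FAIL_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+(?:\.\d+){3}) ")


def simulate(log, maxretry=3, findtime=timedelta(minutes=10),
             bantime=timedelta(minutes=10), year=2014):
    """Return [(time, 'ban'|'unban', ip)] in the order the actions would fire."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}                     # ip -> time the ban expires
    events = []
    for line in log.splitlines():
        stamp = STAMP_RE.match(line)
        if not stamp:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        now = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        # Lift every ban whose time has run out before handling this line.
        for ip, expires in sorted(banned.items(), key=lambda kv: kv[1]):
            if expires <= now:
                events.append((expires, "unban", ip))
                del banned[ip]
        hit = FAIL_RE.search(line)
        if not hit or hit.group(1) in banned:
            continue
        ip = hit.group(1)
        recent = failures[ip]
        recent.append(now)
        while recent[0] < now - findtime:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= maxretry:
            banned[ip] = now + bantime
            events.append((now, "ban", ip))
            recent.clear()
    return events
```

With the sample input, the address with three failures inside the window is banned and later released, while the user who mistyped a password once is never blocked.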