OK now my fail2ban is working. I have thousand of email informing me that some IPs are blocked. But the question is the same will attack again when the banned time is over. So except playing with banned time, is there anything that we can do? How do we banned those IPs for good? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Linux <hans.linux@igi-alliance.com> [09-03-08 21:13]:
OK now my fail2ban is working. I have thousand of email informing me that some IPs are blocked. But the question is the same will attack again when the banned time is over. So except playing with banned time, is there anything that we can do? How do we banned those IPs for good?
well, you can adjust the ban times in /etc/fail2ban/jail.conf or install DenyHosts and set an extended ban time. btw, ssh penetration attempts have escalated in the last couple of days. I run both fail2ban and denyhosts and have a firewall rule to drop after three failures and still see several hunderd bans per day. -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, Sep 3, 2008 at 6:55 PM, Patrick Shanahan <paka@opensuse.org> wrote:
* Linux <hans.linux@igi-alliance.com> [09-03-08 21:13]:
OK now my fail2ban is working. I have thousand of email informing me that some IPs are blocked. But the question is the same will attack again when the banned time is over. So except playing with banned time, is there anything that we can do? How do we banned those IPs for good?
well, you can adjust the ban times in /etc/fail2ban/jail.conf or install DenyHosts and set an extended ban time.
btw, ssh penetration attempts have escalated in the last couple of days. I run both fail2ban and denyhosts and have a firewall rule to drop after three failures and still see several hunderd bans per day.
And I'm seeing some too, but I have a VERY long lock-out (shorewall) after three attempts. Most of the reported IPs in my log are from Bejing. -- ----------JSA--------- Someone stole my tag line, so now I have this rental. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
John Andersen -
Linux -
Patrick Shanahan