[TriLUG] Automatic firewall rules based on probes?
Phillip Rhodes (Fogbeam Labs)
fogbeam at gmail.com
Wed May 14 10:50:59 EDT 2014
+1 for fail2ban. I had a demo server that was being knocked offline
periodically by brute-force ssh bots, and fail2ban fixed that. It's easy
to install/configure and works well in my experience.
Phil
On Wed, May 14, 2014 at 7:44 AM, Keith Woodie <kwoodie at gmail.com> wrote:
> Checkout fail2ban
> On May 14, 2014 10:43 AM, "Brian" <lugmail at cheetah.dynip.com> wrote:
>
> > Hi Gang,
> >
> > Every now and then I review a logwatch that's full of a long
> > dictionary-style probe of my web server. Does anyone have any personal
> > anecdotes regarding tools that detect a series of 404s (or other errors)
> > from a single client and create a firewall rule to block that client for
> > some period of time?
> >
> > Thanks,
> > ~Brian
> > --
> > This message was sent to: Keith Woodie <kwoodie at gmail.com>
> > To unsubscribe, send a blank message to trilug-leave at trilug.org from
> that
> > address.
> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > Unsubscribe or edit options on the web : http://www.trilug.org/mailman/
> > options/trilug/kwoodie%40gmail.com
> > Welcome to TriLUG: http://trilug.org/welcome
> >
> --
> This message was sent to: Phillip Rhodes <fogbeam at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web :
> http://www.trilug.org/mailman/options/trilug/fogbeam%40gmail.com
> Welcome to TriLUG: http://trilug.org/welcome
>
More information about the TriLUG
mailing list