[TriLUG] Automatic firewall rules based on probes?

Ken MacKenzie ken at mack-z.com
Wed May 14 10:57:57 EDT 2014 

A +1 for fail2ban here as well.

Ken


On Wed, May 14, 2014 at 10:50 AM, Phillip Rhodes (Fogbeam Labs) <
fogbeam at gmail.com> wrote:

> +1 for fail2ban.  I had a demo server that was being knocked offline
> periodically by brute-force ssh bots, and fail2ban fixed that.  It's easy
> to install/configure and works well in my experience.
>
>
> Phil
>
>
> On Wed, May 14, 2014 at 7:44 AM, Keith Woodie <kwoodie at gmail.com> wrote:
>
> > Checkout fail2ban
> > On May 14, 2014 10:43 AM, "Brian" <lugmail at cheetah.dynip.com> wrote:
> >
> > > Hi Gang,
> > >
> > > Every now and then I review a logwatch that's full of a long
> > > dictionary-style probe of my web server.  Does anyone have any personal
> > > anecdotes regarding tools that detect a series of 404s (or other
> errors)
> > > from a single client and create a firewall rule to block that client
> for
> > > some period of time?
> > >
> > > Thanks,
> > > ~Brian
> > > --
> > > This message was sent to: Keith Woodie <kwoodie at gmail.com>
> > > To unsubscribe, send a blank message to trilug-leave at trilug.org from
> > that
> > > address.
> > > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > > Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/
> > > options/trilug/kwoodie%40gmail.com
> > > Welcome to TriLUG: http://trilug.org/welcome
> > >
> > --
> > This message was sent to: Phillip Rhodes <fogbeam at gmail.com>
> > To unsubscribe, send a blank message to trilug-leave at trilug.org from
> that
> > address.
> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > Unsubscribe or edit options on the web  :
> > http://www.trilug.org/mailman/options/trilug/fogbeam%40gmail.com
> > Welcome to TriLUG: http://trilug.org/welcome
> >
> --
> This message was sent to: Ken M. <ken at mack-z.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/options/trilug/ken%40mack-z.com
> Welcome to TriLUG: http://trilug.org/welcome
>

More information about the TriLUG mailing list