ciplogic.com
Live with grace. Write superb software.

fail2ban

  • Change Your SSH Server Port

    A while back, in November 2014, I was posting an article showing that over the course of a year and a half or so (my blog was rehosted from February 2014), fail2ban blocked 1633 IPs.

    Today I checked again, and to my surprise I got:

    [root@ciplogic ~]# iptables -L -n | grep REJECT | wc -l
    5853

    For the first time segment (273 days period) I averaged 5.98 IP bans a day. From that day to today I got: 5853-1633 = 4220 new bans. The time period from November 2014 to today is 573 days.

    That means in the last year the banning grew to 7.36 bans a day (~20% increase). And we need to remember that this is also with the previous backlist.

    So today, beside applauding fail2ban's relentless work, I changed the port of the SSH server.

    To my surprise from this morning, until now, there is radio silence from the fail2ban new bans. I guess most scanners don't do a port scanning first, and they just try to find default or weirdly configured SSH servers.

    So here's my second tip. Change your SSH server port.

  • Fail2Ban Doing Real Work

    I see that some people try to access my host, even if they are not me.

    Crazy, right?

    Here is a small statistic in less than a year, on how many attackers fail2ban managed to ban, when trying to bruteforce this website via ssh:

    1
    2
    [root@ciplogic ~]# iptables -L -n | grep REJECT | wc -l
    1633

    Awesome!

    So if you don't have it yet, and run some linux, definitelly install it.

    If you use CentOS just do:

    1
    [root@ciplogic ~]# yum install fail2ban

    Happy admining.

Germanium

The one to rule them all. The browsers that is.

SharpKnight

SharpKnight is an Android chess game.

MagicGroup

MagicGroup is an eclipse plugin.