Post AXMJ30eNHFgRMITP5k by ParadeGrotesque@mastodon.sdf.org
(DIR) More posts by ParadeGrotesque@mastodon.sdf.org
(DIR) Post #AXKQIhS4jcaroQEHpo by ParadeGrotesque@mastodon.sdf.org
2023-07-03T20:31:01Z
0 likes, 0 repeats
2062 IP addresses in /etc/hosts.deny90 new IP addresses blocked today.Something is not quite right. 🤔
(DIR) Post #AXKUDNgrBEUGtKrXma by philippmichelreichold@mastodon.sdf.org
2023-07-03T21:14:51Z
0 likes, 0 repeats
@ParadeGrotesque 🙃
(DIR) Post #AXLAODqEKmqtbe6CI4 by kc@social.coop
2023-07-03T20:33:17Z
0 likes, 0 repeats
@ParadeGrotesque fail2ban or CFS might be a little bit over sensitive ?
(DIR) Post #AXLAVxfWLdUdlQmQEq by Uilebheist@chaos.social
2023-07-03T20:34:25Z
0 likes, 0 repeats
@ParadeGrotesque What's not quite right is that you aren't blocking enough, I tell you.I have a PF rule to load blocked IPs from file /etc/pf.blacklist:# wc /etc/pf.blacklist 7496 7544 117489 /etc/pf.blacklist
(DIR) Post #AXLmJPPFhndGHgc0kC by ParadeGrotesque@mastodon.sdf.org
2023-07-04T12:12:21Z
0 likes, 0 repeats
@kc It's DenyHosts because I am an old fart.Also: not as surprising as it sounds. Lots of scripted attacks latch on the first open port 22. And I have port 22 opened on my machine, because I am an old fart.(My openssh configuration is set to reject all logins except for a couple of users anyway).
(DIR) Post #AXMJ2zzFk8n3IlEYzo by js@social.nil.im
2023-07-04T08:27:16.055222Z
0 likes, 0 repeats
@ParadeGrotesque Do you also ban each IPv6 individually? 😂
(DIR) Post #AXMJ30eNHFgRMITP5k by ParadeGrotesque@mastodon.sdf.org
2023-07-04T18:19:05Z
0 likes, 0 repeats
@js IPv4 only on my ISP I am afraid.And yes, I like individual blocking. Sue me!
(DIR) Post #AXMgQRPgEl8jy7k54q by kc@social.coop
2023-07-04T12:26:26Z
0 likes, 0 repeats
@ParadeGrotesque I do the same, port 22 because I'm too lazy to remember any other one. I do leave the firewall to soft ban after a couple bad tries, and permaban after a couple more.For some reason though mod_security has no chill, one hit and permaban it is for you