| 1 |
On Tue, Sep 06, 2016 at 01:57:54PM -0700, Grant wrote: |
| 2 |
> > Hi, my site is being ravaged by an IP but dropping the IP via |
| 3 |
> > shorewall is seeming to have no effect. I'm using his IP from nginx |
| 4 |
> > logs. |
| 5 |
|
| 6 |
What you really need is to set up net-anlyzer/fail2ban and not do this |
| 7 |
kind of stuff manually. It automates parsing logs for attacks and setting |
| 8 |
up persistent iptables rules to block them. |
| 9 |
|
| 10 |
As soon as I assigned a dns domain name to my home ssh-server and made it |
| 11 |
available externally I was getting attacked by multiple IP addresses from |
| 12 |
china, and as soon as one IP was banned they came at me with another one. |
| 13 |
After I set up fail2ban and set a low preauth limit along with lifetime |
| 14 |
bans, this whole cat-and-mouse game started going more to my liking. |
| 15 |
|
| 16 |
Highly recommend you try it, it comes with lots of predefined |
| 17 |
rules/templates that you can choose from (I see nginx-botsearch and |
| 18 |
nginx-http-auth are included). |
Archives