On 22/04/2020 20.29, Johannes Rohr wrote:
> Is there a reasonable way of detecting and preventing logins from
> unusual IP ranges? Or are there other strategies you would recommend?

I'd generally set up a short ban on logins originally, and then a second, longer ban for 'repeat offenders'. You basically look through the fail2ban log, and if an IP has been banned, say, 5 times in 24 hours, then you ban it for a much longer time.

Here's one example. There are others.

https://github.com/mitchellkrogza/Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning

P.
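
The repeat-offender check described in the reply above, as an added example that is not part of the original email or of the linked project: it scans fail2ban.log ban notices and reports each IP that reaches 5 bans inside a 24-hour sliding window. The function name `repeat_offenders`, the jail name `recidive` for the long-ban jail, and the sample log lines are assumptions made for illustration; the log line layout is the one fail2ban writes for its actions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Ban notice as written to fail2ban.log; "Unban", "Found" and "Restore Ban" lines do not match.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s+"
    r"\[\d+\]:\s+(?:NOTICE|WARNING)\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$")

def repeat_offenders(lines, threshold=5, window=timedelta(hours=24),
                     skip_jails=("recidive",)):
    """Map each IP to the time it first reached `threshold` bans within `window`."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:  # assumes chronological order, as in a live log
        m = BAN_RE.match(line)
        if not m or m["jail"] in skip_jails:  # do not count the long-ban jail's own bans
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop bans that have aged out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(m["ip"], ts)
    return flagged

# Constructed sample log (documentation address ranges), not taken from a real host.
SAMPLE_LOG = """\
2020-04-20 08:00:00,101 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2020-04-20 20:00:00,101 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2020-04-21 09:00:00,101 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2020-04-21 21:00:00,101 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2020-04-22 01:00:00,417 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.0.2.10
2020-04-22 01:10:00,420 fail2ban.actions        [812]: NOTICE  [sshd] Unban 192.0.2.10
2020-04-22 03:00:00,417 fail2ban.actions        [812]: NOTICE  [dovecot] Ban 192.0.2.10
2020-04-22 06:00:00,417 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.0.2.10
2020-04-22 09:00:00,101 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2020-04-22 12:00:00,417 fail2ban.actions        [812]: NOTICE  [postfix] Ban 192.0.2.10
2020-04-22 20:29:00,417 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.0.2.10
2020-04-22 20:29:01,002 fail2ban.actions        [812]: NOTICE  [recidive] Ban 192.0.2.10
2020-04-22 21:00:00,300 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
"""

if __name__ == "__main__":
    for ip, when in repeat_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the threshold at {when}; candidate for a longer ban")
```

In the sample, 198.51.100.7 is also banned five times, but spread over three days, so it never has five bans inside one 24-hour window and is not reported.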