On 21/02/2021 03:47, Mike wrote:
After more than a year of using the login-shield front end, this is
the first time I noticed I have ZERO fail2ban blocks...
I have been using the blacklist login-shield on my web server (hosting
about 40-50 different web sites for various clients). It is now to
the point where f2b is not catching any ftp, ssh, or other login
attempts. They're all being caught by the blacklist.
If you haven't tried this, see: https://github.com/dpsystems/login-shield
This isn't meant as a substitute for Fail2ban, but an additional layer
of protection, but it's doing so well, fail2ban basically has nothing
to block. Quite impressive!
Note that this isn't on my mail server. I'm getting a lot more brute
force attacks on pop3 and imap that fail2ban traps, but for my web
server, it's been 100% effective.
I am not in the US and I find that the ip lists provided by login-shield
catch both our main mail servers on very wide (/8) matches. Yes if I
chose to use this tool I could comment them out from the ip lists, but I
have lost confidence in it before starting. Or rather: I am confident it
will block traffic I want to receive. YMMV.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
