On 2013-08-22 8:03 AM, Simon B <simon.buongio...@gmail.com> wrote:
> Surely the simplest solution is fail2ban with the false attempts in x
> minutes resulting in a 20 minute ban?

No for two reasons...
1. Again, we have ZERO users who are outside the US, so why allow
connections at all?
and
2. I am not currently seeing massive hack/crack attempts from the same
IP, just random connections from lots of different IPs.

> Otherwise you'd get more flexibility at the firewall level for geoip
> ranges..

Actually, yeah, that is probably a better way to do this anyway, seeing
as we don't need to allow users from anywhere else to connect...
Now to figure out how to log these firewall rejections to a separate log
file, so I can see them if/when someone complains about not being able
to connect.
Thanks Simon.
--
Best regards,
*/Charles/*
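
Added example, not part of the original message: a small Python reader for a separate firewall-rejection log, for answering "I can't connect" complaints, which also shows why a per-IP attempt threshold sees little when connections come from many different addresses. It assumes iptables-style kernel log lines tagged with a hypothetical `GEOIP-REJECT: ` prefix; the prefix, function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

PREFIX = "GEOIP-REJECT: "  # assumption: log prefix chosen for the reject rule
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?" + re.escape(PREFIX)
    + r".*?\bSRC=(?P<src>\S+) .*?\bDPT=(?P<dpt>\d+)")

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = """\
Aug 22 08:01:13 mail kernel: [100.1] GEOIP-REJECT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=25
Aug 22 08:01:40 mail kernel: [127.4] GEOIP-REJECT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=25
Aug 22 08:02:05 mail kernel: [152.9] GEOIP-REJECT: IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP SPT=33901 DPT=110
Aug 22 08:03:31 mail kernel: [238.2] GEOIP-REJECT: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=60233 DPT=143
Aug 22 08:04:00 mail kernel: [267.0] OTHER-RULE: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4000 DPT=22
Aug 22 08:40:02 mail kernel: [2429.6] GEOIP-REJECT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40980 DPT=143
"""

def parse(text, year=2013):
    """Return (timestamp, source IP, destination port) for each tagged rejection."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog omits the year, so it is supplied by the caller
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["src"], int(m["dpt"])))
    return events

def rejections_for(events, ip):
    """Answer a 'cannot connect' complaint: when and on which ports was ip rejected?"""
    return [(ts, dpt) for ts, src, dpt in events if src == ip]

def max_hits_per_ip(events, window):
    """Largest number of rejections any single source produced within one window."""
    by_ip = defaultdict(list)
    for ts, src, _ in events:
        by_ip[src].append(ts)
    best = 0
    for times in map(sorted, by_ip.values()):
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
    return best

if __name__ == "__main__":
    print(rejections_for(parse(SAMPLE), "198.51.100.7"))
```

On the sample, no single address appears more than once in any 10-minute window, so a per-IP attempt counter would never trip, while the tagged log still records every rejected connection by source.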