This is just the last 1000 lines of my nginx log.
You can set fail2ban to look for specific keywords and ban them if they keep trying. I did that a while back and my servers are in a much better spot. IP black/block lists also help.
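An added illustration of the keyword-and-retry idea in the comment above; it is not part of the thread and is not fail2ban's own code. It approximates fail2ban's `maxretry`/`findtime` logic over nginx access-log lines. The keyword list, thresholds and sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed keywords: replace with the probe paths that show up in your own log.
KEYWORDS = re.compile(r"/\.env|/wp-login\.php|/\.git/")
# nginx "combined" format: client address, timestamp, request line.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time of the hit that reached maxretry within findtime}."""
    hits = defaultdict(deque)   # per-address timestamps of recent keyword hits
    bans = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["ip"] in bans or not KEYWORDS.search(m["req"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = hits[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:   # forget hits older than findtime
            window.popleft()
        if len(window) >= maxretry:        # "they keep trying": ban
            bans[m["ip"]] = ts
    return bans

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2025:10:00:00 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.4 - - [01/Mar/2025:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "-"',
    '203.0.113.7 - - [01/Mar/2025:10:00:09 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.9 - - [01/Mar/2025:10:01:00 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [01/Mar/2025:10:02:30 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.9 - - [01/Mar/2025:10:20:00 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.9 - - [01/Mar/2025:10:40:00 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"',
]

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE).items():
        print(f"ban {ip} (threshold reached at {when.isoformat()})")
```

The address that probes slowly (one hit every 20 minutes) never reaches the threshold, which is the trade-off to weigh when choosing `findtime` and `maxretry`.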
Stuff that’s good:
- fail2ban + AbuseIPDB API
- ssh: + endlessh
- iocaine
Just for reference, my AbuseIPDB stats.
Edit: added iocaine link
I’m struggling to find iocaine - what is it?
Oops, forgot that its name is literally ripped from a well-known book-thing, so search results won’t be good. So here’s the link: https://iocaine.madhouse-project.org/
- fail2ban + AbuseIPDB API
One crowdsec instance later the scan connections went down to not a lot.
Looks like an interesting service, but expensive
You can self-host the complete service. Only their Console is a paid service, should you want or need that.
Interesting, thanks for the tip!
I’m curious how much those blacklists change over time
That’s from my webserver, green is community, yellow is local.
Oh yeah, that’s pretty standard.