[GLLUG] Maybe OT - Fail2ban and what triggers it
Ken Smith
kens at kensnet.org
Mon Mar 18 09:30:57 UTC 2013
tid wrote:
> On 18 March 2013 07:39, Ken Smith<kens at kensnet.org> wrote:
>
>
>> Interesting - to me anyway....
>>
> And to me, Ken. I spend a sizable portion of time poring over log
> files looking at ssh attempts. I also see
> a high number of attacks from the GFW, but am less interested in their
> geographical location than the
> fact that they happen at all. Luckily the boxes in question are only
> available to a small user set ( for ssh only)
> so after months of arguing the toss with colleagues, I have moved ssh
> to another port. There are now almost
> no login attempts although fail2ban is still in place, and I sleep
> somewhat easier.
>
> Tid.
>
>
I normally move the ssh port somewhere obscure too, I checked with the
hoster of my VM and they said it would disrupt their monitoring tools so
I left it on port 22 and added a key to the one the hoster already had
there. I would prefer not to use port 22 though.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the GLLUG
mailing list