On 09-09-16 08:49, Mitchell Krog Photography wrote:
> Saw one reply this morning about changing SSH to a different port. Not
> sure why people go changing their SSH port from 22 to something else,
> does not achieve anything, might just make you feel more secure. Go read
> about security through obscurity. If someone thinks you are hiding
> something you give them reason to go digging deeper looking for it.

Fail2ban does stop the mindless bot trying a dictionary attack on any
found ssh server. It doesn't stop a hacker that is already interested in
you, and is specifically trying to get into your machine. When you get
that kind of attention, fail2ban cannot help you (and isn't meant to be
of help then).

As long as the first category (mindless bots) is 99.9% of the traffic
hitting your ssh server, fail2ban works great within its limits. These
bots aren't interested in digging deeper, they just move on to the next
possible target.

> 
> All my SSH runs on port 22 across 9 different servers. They are all
> accessed using non password logins using certificates. They all run
> Fail2ban and all attackers get perma-banned. One attack of 3 attempts
> and it goes into recidive forever with the bantime set to -1 and also
> gets reported to badips.com.
> 
> In addition I run a daily cron which downloads sets of IPs from
> BADips.com <http://badips.com> and generates a hosts.deny file on every
> server which keeps out 99% and then the other 1% are caught and reported
> to badips.com <http://badips.com> which strengthens the badips.com
> defense system too.
> 
> You can get that script from here
> - https://github.com/mitchellkrogza/fail2ban-useful-scripts
> 
> Be harsh with recidive when it comes to SSH if anyone _but you_ is
> trying to connect to your SSH port they are sniffing and up to no good,
> block them out and be done with them.
> 
> KR
> Mitchell
> 
> From: Nick Howitt <[email protected]>
> Date: 09 September 2016 at 8:07:41 AM
> To: Grant <[email protected]>, [email protected]
> Subject: Re: [Fail2ban-users] Persistent ssh bots
> 
>> Shut the WAN SSH port completely then use OpenVPN to get on to your
>> LAN and access SSH as if you are connected to the LAN.
>>
>> On 08/09/2016 22:15, Grant wrote:
>>> What do you guys do about ssh bots that are repeatedly banned every 10 
>>> minutes?
>>>
>>> - Grant
>>>
>>> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> Fail2ban-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>
> 
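
An added example, not part of the original thread or of the linked repository: one way to turn a downloaded IP list into hosts.deny entries, as the quoted message describes, while validating each entry and skipping an allowlist of your own networks. The feed contents, the `ALLOWLIST` network and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample feed (documentation address ranges only).
SAMPLE_FEED = """\
# one entry per line
203.0.113.7
198.51.100.23
203.0.113.7
192.0.2.10
2001:db8::bad
not-an-ip
198.51.100.0/24
"""

# Hypothetical allowlist: networks you administer from, never to be denied.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]


def parse_feed(text, allowlist=ALLOWLIST):
    """Return (accepted, rejected): unique valid addresses and skipped entries."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)  # single hosts only, no CIDR
        except ValueError:
            rejected.append(entry)  # a poisoned or broken feed line
            continue
        if addr.is_loopback or any(addr in net for net in allowlist):
            rejected.append(entry)  # would lock out the admin or the host itself
        elif addr not in seen:
            seen.add(addr)
            accepted.append(addr)
    return accepted, rejected


def render_hosts_deny(addrs, daemon="sshd"):
    """hosts_access(5) lines; IPv6 addresses go in square brackets."""
    ordered = sorted(addrs, key=lambda a: (a.version, int(a)))
    return "".join(f"{daemon}: [{a}]\n" if a.version == 6 else f"{daemon}: {a}\n"
                   for a in ordered)
```

hosts.deny is only consulted when sshd is built with TCP wrappers (libwrap) support, so check that on the target host before relying on the generated file.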
