Am 20.02.2017 um 18:56 schrieb [email protected]: > Apache "Mod Evasive" can be configured to block based on rate > (those scans are coming in at a rate of more than ten per second, > apparently).
Hi pjc904, portscans have nothing to do with Apache. A portscan is, when someone tries to find open ports on your system, and then tries to break in using vulnerities of the service behind that port. Most likely they are searching for ssh, telnet or ftp services to break in. To detect such scans I closed all ports at the firewall (except those that I need) and log attempts to connect. After 3 failures I ban the scanning host for 1 hour. My ssh daemon runs on a non-standard port, so it's likely that I detect attempts to break in through ssh. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
