Hi,

I have begun setting up a bit more security, and one of the tools I am using is Fail2Ban (https://www.fail2ban.org/wiki/index.php/Main_Page), and I am using it to set up IPs to block at the router. One of the things I do is get an email with a whois for the IP when it gets blocked, and it is pretty obvious that after only a couple of days 90%+ of the attempts come from 2 places, Russia/Ukraine and China, with the majority from China. It's at the point that for every 10 attempts 8 would be China, and one from either Russia/Ukraine, and a 10th from a random country in the world, although in that last 10% about half would be India or Korea.

At the moment I am only monitoring ssh attempts, not mail or http etc., but since the site is not live or even advertised these are, I guess, random attacks, and I imagine the volume will increase.

So if I could reliably block China and the old USSR countries, 90% of my attackers would be stopped before they even get picked up by Fail2Ban.

Does anyone have any experience doing this sort of thing? How complex is it, how reliable is it? I should point out that I can only afford free options in terms of price. So free data sources, OOS software, and I am running on a Linux server and Mikrotik router.

cheers,