: Fail2ban logs IP address trying to access server, enough? I have fail2ban and logwatch set up. There are IP addresses that are banned > 20 times every day for trying to brute force (I assume)

I have fail2ban and logwatch set up. There are IP addresses that are banned > 20 times every day for trying to brute force (I assume) access the server.

I have added these IP addresses to the .htaccess file within the vhosts folder as well as within the root of the site folder.

e.g.
Order Allow,Deny
Deny from env=DenyAccess
Allow from all
SetEnvIf X-Forwarded-For "^xx.xxx.xx.xx" DenyAccess

(real IP hidden)

The .htaccess config does not stop these access attempts (which I can understand if they are simply trying to ssh our IP address rather than trying to access the site in the browser). Is there anything else I can do to ensure they don't get in? Will they always show on the logwatch regardless of the .htaccess? I have disabled root log in.

10.01% popularity Vote Up Vote Down

: Wildcard SSL vs Multi-domain vs multiple single certs Suppose I want to buy SSL certs for a domain, say xyzzy.com and three sub-domains (www.xyzzy.com, smtp. and mail. for example). There seem

@Frith620

Posted in: #SecurityCertificate

3 Comments

: English content on International page templates: how to mark it up with lang="" attributes? So, I have translated page templates to various languages so it's easier for users to pick their language

@Frith620

Posted in: #Googlebot #Hreflang #Internationalization #Optimization #Seo

1 Comments

: What to do with my RSS sitemap & PubSubHubbub for fast URL indexation in Google? I've read on several places, that by using Google PubSubHubbub will get the newest pages posted in RSS feeds

@Frith620

Posted in: #GoogleIndex #Indexing #Rss #Seo #Sitemap

0 Comments

: Recover a deleted Tumblr post from Google Cache I have accidentally deleted my Tumblr but when I look for it, I see in Google the beginning of my last article. As Google remember it, I would

@Frith620

Posted in: #GoogleCache #Tumblr

1 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Odierno851

I have just entered into /etc/hosts.deny the IP addresses I want to block

sshd: 123.456.789.10

And the offending IP addresses no longer show up on logwatch.
This is manual but there are ways to do this automatically. One way is to use the 'recidive' function of fail2ban itself

10% popularity Vote Up Vote Down

Feed

: Fail2ban logs IP address trying to access server, enough? I have fail2ban and logwatch set up. There are IP addresses that are banned > 20 times every day for trying to brute force (I assume)

More posts by @Frith620

: Wildcard SSL vs Multi-domain vs multiple single certs Suppose I want to buy SSL certs for a domain, say xyzzy.com and three sub-domains (www.xyzzy.com, smtp. and mail. for example). There seem

: English content on International page templates: how to mark it up with lang="" attributes? So, I have translated page templates to various languages so it's easier for users to pick their language

: What to do with my RSS sitemap & PubSubHubbub for fast URL indexation in Google? I've read on several places, that by using Google PubSubHubbub will get the newest pages posted in RSS feeds

: Recover a deleted Tumblr post from Google Cache I have accidentally deleted my Tumblr but when I look for it, I see in Google the beginning of my last article. As Google remember it, I would

Login to post a comment!

1 Comments

Back to top | Use Dark Theme