
How to push back against repeated login attempts?

Considering running a freedom box or similar, I have an RPi running Buster outside my home router's DMZ. It was discovered within a short time (minutes or hours) of first being set up. It now has fail2ban running with defaults. Over about the last month, fail2ban logs show about 35,000 "unbans" from about 3700 unique IPs. This equates to many more failed login attempts. From auth.log there are many attempts for root login, and a wide variety of other username login or connection attempts, at a slow, steady pace with an attempt at least every minute or two.

I've seen https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html and https://www.fail2ban.org/wiki/index.php/MANUAL_0_8 but... can someone point me towards a TL;DR "getting started getting even" guide? Fail2ban seems oriented towards individual actions like sending emails to "abuse" contacts, as if they don't already know... I'm looking for things like optimum settings to waste these probers' cycles, how to request the NSA to call in a drone strike, or how to join in with "community action" to discourage these probes (partially in jest).
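The ban and unban totals quoted in the message can be reproduced from fail2ban's own log. The following is an added example, not part of the original post: it counts Ban/Unban events per address and lists addresses banned more than once, which is the evidence for raising ban time or enabling a repeat-offender jail. The sample lines are constructed in the usual fail2ban.log layout with documentation IP ranges, and `summarize` and `repeat_threshold` are names chosen here.

```python
import re
from collections import Counter

# Constructed sample in the fail2ban.log layout (documentation IPs, not real data).
SAMPLE_LOG = """\
2020-03-01 00:01:10,101 fail2ban.filter   [412]: INFO    [sshd] Found 192.0.2.10 - 2020-03-01 00:01:09
2020-03-01 00:01:12,330 fail2ban.actions  [412]: NOTICE  [sshd] Ban 192.0.2.10
2020-03-01 00:04:40,018 fail2ban.actions  [412]: NOTICE  [sshd] Ban 198.51.100.7
2020-03-01 00:11:12,402 fail2ban.actions  [412]: NOTICE  [sshd] Unban 192.0.2.10
2020-03-01 00:14:40,120 fail2ban.actions  [412]: NOTICE  [sshd] Unban 198.51.100.7
2020-03-01 00:20:03,775 fail2ban.actions  [412]: NOTICE  [sshd] Ban 192.0.2.10
2020-03-01 00:25:00,000 fail2ban.actions  [412]: NOTICE  [sshd] Restore Ban 192.0.2.10
2020-03-01 00:30:03,900 fail2ban.actions  [412]: NOTICE  [sshd] Unban 192.0.2.10
2020-03-01 00:31:55,640 fail2ban.actions  [412]: NOTICE  [sshd] Ban 203.0.113.5
"""

# Match only plain Ban/Unban actions; "Restore Ban" (service restart) and
# filter "Found" lines are skipped so a restart does not inflate the counts.
ACTION_RE = re.compile(
    r"fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+"
    r"(?P<event>Ban|Unban)\s+(?P<ip>\S+)"
)

def summarize(lines, repeat_threshold=2):
    """Return ban/unban totals, unique addresses and repeat offenders."""
    bans, unbans = Counter(), Counter()
    for line in lines:
        m = ACTION_RE.search(line)
        if not m:
            continue
        (bans if m["event"] == "Ban" else unbans)[m["ip"]] += 1
    return {
        "total_bans": sum(bans.values()),
        "total_unbans": sum(unbans.values()),
        "unique_ips": len(set(bans) | set(unbans)),
        # Addresses that came back after a ban expired.
        "repeat_offenders": sorted(
            ip for ip, n in bans.items() if n >= repeat_threshold
        ),
    }

if __name__ == "__main__":
    # On a real host, pass open("/var/log/fail2ban.log") instead of the sample.
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```
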
