Re: How to push back against repeated login attempts?

To: oregano@disroot.org
Cc: ARM <debian-arm@lists.debian.org>
Subject: Re: How to push back against repeated login attempts?
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Date: Tue, 2 Mar 2021 11:22:34 +0000
Message-id: <[🔎] CAPweEDy60WRJMHiofh5cC8AEmDaEeOixrsB22Bq61s6nzi406w@mail.gmail.com>
In-reply-to: <[🔎] 76c60168d5cc46ec0b91eaf50250c0e4@disroot.org>
References: <[🔎] 76c60168d5cc46ec0b91eaf50250c0e4@disroot.org>

On Tue, Mar 2, 2021 at 9:51 AM <oregano@disroot.org> wrote:

> Considering running a freedom box or similar, I have a RPi running Buster outside my home router's DMZ. It was discovered within a short time (minutes or hours) of first being setup.

ahh yes.  welcome to the discovery that there are people running
extremely sophisticated long-running break-in attempts, world-wide.

> It now has fail2ban running with defaults. Over about the last month, fail2ban logs show about 35,000 "unbans" from about 3700 unique IPs.

if you want to do something "gradual", use fail2ban recidive.

i decided 3 years ago that enough was enough, and simply set all and
any failed password attempts at an instant 2 week ban.  by running
OpenVPN i can at least get in if i happen to make a mistake.

l.

Reply to:

Follow-Ups:
- Re: How to push back against repeated login attempts?
  - From: Alan Corey <alan01346@gmail.com>

References:
- How to push back against repeated login attempts?
  - From: oregano@disroot.org

Prev by Date: Re: How to push back against repeated login attempts?
Next by Date: Re: How to push back against repeated login attempts?
Previous by thread: Re: How to push back against repeated login attempts?
Next by thread: Re: How to push back against repeated login attempts?
Index(es):
- Date
- Thread