Saturday, October 27, 2012

a little continuation of my fail2ban post

Recently I was able to capture some real data from my server's fail2ban logs.

This is how fail2ban logs a banned IP:

2012-10-21 12:54:16,032 fail2ban.actions: WARNING [ssh] Ban 112.4.172.217
2012-10-22 17:05:48,080 fail2ban.actions: WARNING [ssh] Ban 222.73.24.10
2012-10-22 18:36:55,892 fail2ban.actions: WARNING [ssh] Ban 202.96.199.150
2012-10-22 23:23:10,053 fail2ban.actions: WARNING [ssh] Ban 111.74.82.33
2012-10-23 05:06:53,861 fail2ban.actions: WARNING [ssh] Ban 74.206.235.92
2012-10-23 13:11:05,652 fail2ban.actions: WARNING [ssh] Ban 112.216.140.51
2012-10-24 19:31:55,504 fail2ban.actions: WARNING [ssh] Ban 60.161.124.10
2012-10-24 22:52:47,324 fail2ban.actions: WARNING [ssh] Ban 125.210.190.190
2012-10-25 04:20:06,184 fail2ban.actions: WARNING [ssh] Ban 109.163.234.238
2012-10-26 11:11:12,332 fail2ban.actions: WARNING [ssh] Ban 122.139.60.134

Very straightforward and easy to understand, which is always a good feature. Now let's look at the iptables entries:

DROP       all  --  122.139.60.134       0.0.0.0/0          
DROP       all  --  109.163.234.238      0.0.0.0/0          
DROP       all  --  125.210.190.190      0.0.0.0/0          
DROP       all  --  60.161.124.10        0.0.0.0/0          
DROP       all  --  112.216.140.51       0.0.0.0/0          
DROP       all  --  74.206.235.92        0.0.0.0/0          
DROP       all  --  111.74.82.33         0.0.0.0/0          
DROP       all  --  202.96.199.150       0.0.0.0/0          
DROP       all  --  222.73.24.10         0.0.0.0/0          
DROP       all  --  112.4.172.217        0.0.0.0/0          
DROP       all  --  31.3.214.241         0.0.0.0/0          
DROP       all  --  193.104.68.200       0.0.0.0/0          
DROP       all  --  219.146.225.147      0.0.0.0/0          
DROP       all  --  64.185.226.120       0.0.0.0/0          
DROP       all  --  58.221.252.194       0.0.0.0/0          
DROP       all  --  212.68.50.132        0.0.0.0/0          
DROP       all  --  205.251.141.29       0.0.0.0/0          
DROP       all  --  121.10.140.215       0.0.0.0/0          
RETURN     all  --  0.0.0.0/0            0.0.0.0/0  
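Because fail2ban keeps its own record (the log) and the kernel keeps another (the iptables chain), the two can drift apart: rules are lost on a reboot or a manual flush, and rules from before the log window have no matching Ban line. The script below is an added example, not part of the original post or of fail2ban itself; it parses the two formats shown above, replays Ban/Unban events (fail2ban logs unbans in the same layout, which is assumed here), and reports the IPs where log and firewall disagree. The sample log and chain listing are constructed.

```python
import re

# Constructed sample input in the same format as the fail2ban log lines above
# (an Unban line is included; fail2ban logs unbans the same way, assumed here).
FAIL2BAN_LOG = """\
2012-10-21 12:54:16,032 fail2ban.actions: WARNING [ssh] Ban 112.4.172.217
2012-10-22 17:05:48,080 fail2ban.actions: WARNING [ssh] Ban 222.73.24.10
2012-10-22 18:36:55,892 fail2ban.actions: WARNING [ssh] Ban 202.96.199.150
2012-10-23 05:06:53,861 fail2ban.actions: WARNING [ssh] Unban 112.4.172.217
"""

# Constructed sample in the same layout as the iptables chain listing above.
IPTABLES_CHAIN = """\
DROP       all  --  222.73.24.10         0.0.0.0/0
DROP       all  --  31.3.214.241         0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
"""

BAN_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2},\d+ fail2ban\.actions: "
    r"\w+ \[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\S+)$"
)
DROP_RE = re.compile(r"^DROP\s+all\s+--\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+0\.0\.0\.0/0\s*$")

def parse_fail2ban(log):
    """Return (date, jail, action, ip) tuples for every Ban/Unban line, in log order."""
    matches = (BAN_RE.match(line) for line in log.splitlines())
    return [(m["date"], m["jail"], m["action"], m["ip"]) for m in matches if m]

def currently_banned(events):
    """Replay Ban/Unban events; what remains is the set fail2ban believes is banned."""
    banned = set()
    for _, _, action, ip in events:
        (banned.add if action == "Ban" else banned.discard)(ip)
    return banned

def parse_iptables_drops(listing):
    """Return the source IPs that have a DROP rule in the fail2ban chain listing."""
    return {m["ip"] for m in map(DROP_RE.match, listing.splitlines()) if m}

def reconcile(log, listing):
    """Compare the log's view with the firewall's. An IP missing from the firewall
    means a rule was lost (reboot, manual flush); one not in the log predates the log."""
    expected = currently_banned(parse_fail2ban(log))
    actual = parse_iptables_drops(listing)
    return {"missing_from_firewall": expected - actual, "not_in_log": actual - expected}
```

On a live box you would feed it the real log file and the output of listing the fail2ban chain; a non-empty "missing_from_firewall" set is the one worth alerting on.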

fail2ban, as I say in my post, is a must-have for SSH-based security. With dynamic editing of the iptables firewall and clear logs, it really is an admin's must-have app.

Stay secure!
