23 Apr
2020
23 Apr
'20
4:57 a.m.
On 22/04/2020 20.29, Johannes Rohr wrote:
Is there a reasonable way of detecting and preventing logins from unusual IP ranges? Or are there other strategies you would recommend?
I'd generally set up a short ban on logins originally, and then a second, longer ban for 'repeat offenders'. You basically look through the fail2ban log, and if an IP has been banned, say, 5 times in 24 hours, then you ban it for a much longer time.
Here's one example. There are others. https://github.com/mitchellkrogza/Fail2Ban-Blacklist-JAIL-for-Repeat-Offende...
P.