mj <lists@merit.unu.edu> writes:
A timeout feature is handy here; even though you allow attackers several kicks at the can, it will allow your users to eventually gain control to their accounts again after a suitable penalty period.
There are other RBLs that overlap with this (like CBL), but they include entries will produce false positives. There was OpenBL but that is defunct.
The different lists at blocklist.de have varying efficacy: the ssh and smtp BFD detection are fairly good (they have a 90+% hit rate at my site), but the IMAP/POP BFD detection not as good (maybe 20%). However, if people start feeding IMAP/POP fail2ban data back to blocklist.de, that will get better.
I now know how to block large lists of ips, so if anyone has additional lists to block?
Yeah, all of ChinaNet. May produce false positives.
Joseph Tam <jtam.home@gmail.com>
participants (1)
-
Joseph Tam