Recommendations on intrusion prevention/detection?
Plutocrat
plutocrat at gmail.com
Thu Apr 23 04:57:17 EEST 2020
On 22/04/2020 20.29, Johannes Rohr wrote:
> Is there a reasonable way of detecting and preventing logins from
> unusual IP ranges? Or are there other strategies you would recommend?
I'd generally set up a short ban on logins originally, and then a second, longer ban for 'repeat offenders'. You basically look through the fail2ban log, and if an IP has been banned, say, 5 times in 24 hours, then you ban it for a much longer time.
Here's one example. There are others.
https://github.com/mitchellkrogza/Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning
P.
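The approach described in the message above, as an added example that is not part of the original post or of the linked project: a Python scan of fail2ban.log for IPs banned 5 times within 24 hours. The log-line layout the regex expects and the `recidive` name for the long-ban jail are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches only fresh bans; "Unban", "Found" and "Restore Ban" (bans re-applied
# after a fail2ban restart) do not match and are not counted as new offences.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.actions\s+"
    r"\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$"
)

def repeat_offenders(lines, threshold=5, window=timedelta(hours=24),
                     skip_jails=("recidive",)):
    """Map each IP banned `threshold` times inside a sliding `window` to the
    time it crossed the threshold. Lines must be in chronological order."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        m = BAN_RE.match(line)
        if not m or m["jail"] in skip_jails:  # long-ban jail's own bans don't count
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] >= window:  # drop bans that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(m["ip"], ts)
    return flagged

# Constructed sample log (documentation IP ranges), not taken from a real server.
_P = "fail2ban.actions        [812]: NOTICE  "
SAMPLE_LOG = [
    f"2020-04-21 01:00:00,101 {_P}[dovecot] Ban 198.51.100.23",
    f"2020-04-21 09:00:00,101 {_P}[dovecot] Ban 203.0.113.7",
    f"2020-04-21 09:10:00,101 {_P}[dovecot] Unban 203.0.113.7",
    f"2020-04-21 12:00:00,101 {_P}[dovecot] Ban 203.0.113.7",
    f"2020-04-21 15:00:00,101 {_P}[postfix-sasl] Ban 203.0.113.7",
    f"2020-04-21 18:00:00,101 {_P}[dovecot] Restore Ban 203.0.113.7",
    f"2020-04-21 20:00:00,101 {_P}[dovecot] Ban 198.51.100.23",
    f"2020-04-21 21:00:00,101 {_P}[dovecot] Ban 203.0.113.7",
    f"2020-04-22 03:00:00,101 {_P}[dovecot] Ban 203.0.113.7",
    f"2020-04-22 04:00:00,101 {_P}[recidive] Ban 203.0.113.7",
    f"2020-04-22 10:00:00,101 {_P}[dovecot] Ban 198.51.100.23",
    f"2020-04-23 00:30:00,101 {_P}[dovecot] Ban 198.51.100.23",
    f"2020-04-23 02:00:00,101 {_P}[dovecot] Ban 198.51.100.23",
]

if __name__ == "__main__":
    for ip, when in repeat_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached 5 bans in 24h at {when}: ban for longer")
```

In the sample, 198.51.100.23 is also banned five times, but never five times inside one 24-hour window, so only 203.0.113.7 is reported.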
More information about the dovecot mailing list