Lmst

Using #fail2ban with action „route“ is a bad idea if your own IP is not on the ignoreIP list. It will instantly block all traffic.

Wie seriös ist ein Hoster, der "Bulk IP Leasing" anbietet?

Das schreit doch geradezu nach Missbrauch...

Aber das erklärt, warum IPs der Firma "LogicWeb Inc." seit einigen Tagen meine Toplist der meisten geblockten IPs anführt, weil sie im Bruteforce und Ratelimit Filter auffallen...

#fail2ban

What you quickly learn when you tune your #fail2ban on a web server by keeping an eye on #404 failed requests: keep those .env and .git/ out of your production file system tree 🤣. Ban rules are now so extensive that >99% hacking IPs are banned on first or second hit.
A very discrete web server with zero incoming links anywhere, it gets 30-80 new bans daily (even though bans are permanent). Funnily enough these numbers plummet every Sunday, seemingly a day off for wannabe #hackers...

@jwildeboer You mentionned #fail2ban in your article :)
I wrote an alternative called reaction, which aims at being more efficient and at being easier to configure while being more flexible.
You can take a look if it speaks to you :D
https://reaction.ppom.me

Damn, someone tried to bruteforce my mail system's #SMTP authentication with 27 different ip addresses o_O
I'm glad I have #fail2ban keeping me safe :)

#Gentoo is also going "full #PEP517" now, or to be more precise, we are going to rip out the legacy code paths that used `setup.py install`. However, that doesn't mean that PEP517 support is a solved problem.

1. There are still packages that require `setup.py install`, and either outright reject or ignore PEP517. And I'm not talking of dead packages but actively maintained projects. #Fail2Ban is a particularly notorious example (the way I see it, it's going to stop working sooner or later).

2. Some packages that do work with PEP517 builds, still require some hacks to install correctly. Sometimes it means moving files around, sometimes installing some files manually, sometimes patching stuff.

3. There are many packages that use the legacy setuptools backend to workaround their broken PEP517 port. Fortunately, these are at least easy to fix, provided you can convince upstream that actually altering sys.path is the correct solution.

4. Finally, we have removed a fair bunch of "hopeless" packages.

#Python

#Gentoo przechodzi na "100% #PEP517", a dokładniej, to usuwamy kod wspierający `setup.py install`. Nie oznacza to jednak, że ekosystem doczekał się bezproblemowego wsparcia dla tego standardu.

1. Nadal mamy paczki, które wymagają `setup.py install`, i albo odrzucają, albo ignorują, PEP517. I nie mówię tu o nierozwijanych starociach, lecz aktywnych projektach. #Fail2Ban jest tu przykładem wartym nagany (jestem przekonany, że prędzej czy później przestanie działać).

2. Niektóre paczki działają, ale wymagają obejść. Czasem trzeba przerzucić pliki po instalacji, czasem trzeba doinstalować jakiś brakujący plik, a czasem coś połatać.

3. Wiele paczek nadal wymaga przestarzałego ("legacy") backendu setuptools, by obejść problemy z portem na PEP517. Szczęśliwie, z reguły łatwo się je naprawia, o ile uda się przekonać autorów, że modyfikacja sys.path to właściwe rozwiązanie.

4. No i sporo paczek, dla których "nie było nadziei", wyleciało.

#Python

Just under 900 IPs and counting in the last 12 hours coming at my infra:

---
403 343 - - ---- 3/3/0/0/0 0/0 {bogl.no} "POST /xmlrpc.php HTTP/1.1"
---

😄 🔒 👋

#firewall #cybersecurity #wordpress #vulnerability #security #botnet #loser #fail2ban #subjam

🔐 Proxmox zu sichern und zu härten ist kein Luxus, sondern Pflicht. Ob Firewall, SSH-Absicherung, 2FA oder Fail2Ban – jede Maßnahme zählt. In meinem Artikel gibt’s klare Schritte für mehr Sicherheit und weniger Angriffsfläche.

➡️ https://ralf-peter-kleinert.de/linux-server/proxmox-server-sichern-haerten.html

#Proxmox #Linux #ITSecurity #ServerHardening #CyberSecurity #Firewall #SSH #2FA #Fail2Ban

Ein neuer Forumbeitrag: https://linux-nerds.org/topic/1688/fail2ban-auf-einem-systemd-system-debian-12 #linux #fail2ban

🔐 Password Hygiene: Rotating the Wardrobe of Digital Defense #PasswordHygiene #PasswordRotation #SmallBusinessSecurity #Cybersecurity #OpenSource #FreeTools #PasswordManager #KeePassXC #Bitwarden #Passbolt #TwoFactorAuthentication #2FA #Fail2ban #Yubikey #TOTP #OpenSourceSoftware #PasswordStrength #BusinessSecurity #DigitalDefense #SecurityPractices #PasswordPolicy #PasswordManagement #CybersecurityTips #SecurePasswords #BusinessCybersecurity #ITSecurity #OnlineSecurity

http://tomsitcafe.com/2025/04/10/%f0%9f%94%90-password-hygiene-rotating-the-wardrobe-of-digital-defense/

Down side of running #fail2ban: when you or one of the people you provide email service for gets a new device. Invariably, it means doing a "what's my IP" for the new device, then logging into the mail server and doing:

fail2ban-client set dovecot unbanip  
fail2ban-client set postfix unbanip  
fail2ban-client set postfix-sasl unbanip

Before sending and receiving works. It's even more-problematic when the person with the new device doesn't remember the password they were using on their prior devices.

#linux
#postfix
#dovecot

I've done some #vibehosting yesterday... I couldn't be bothered investigating why #fail2ban keeps banning my IP after fetching emails from my email server, so I've decided to delegate my issues to #ollama.

I've set a knowledge base with all the necessary config and log files, etc, and asked #QwQ to investigate... Since it's a #localLLM, I had no issues submitting even the most sensitive information to it.

QwQ did come up with tailored suggestions on how to fix the problem. #openwebui

I've seen a real uptick the past couple of days in attacks on my IP address space. Not sure if I'm being targeted, or part of a wider campaign. Oh well, fail2ban makes quick work of them 😸

#selfhosted #cybersecurity #security #ddos #cyberattack #firewall #fail2ban #subjam

🏕️ my adventures in #selfhosting - day 111 (quiet edition) 💤

Good morning Fedi friends!

I hope you had a nice weekend.

After backing up my two VPSs I am now staring at my #YunoHost dashboard thinking: now what?

It feels a little odd not to have to tackle any pressing self-hosting issues. Everything seems to be working well, including my manual installation of Ghost on a second (Ubuntu) VPS.

I'm now in maintenance mode.

I must confess in the past 24 hours I have spent some time browsing @yunohost 's app catalogue. So many fascinating things in there! But I am exercising restraint (for now, LOL!)

I'm very grateful for all the software I'm currently self-hosting.

On Debian (via YunoHost):

#Fail2Ban
#Friendica -> https://elenarossini.fr/profile/ele/
#GoToSocial (this account!)
#LinkStack -> https://elena.social
#Pixelfed -> https://photos.elenarossini.com/ele

On Ubuntu:

Fail2Ban
My #Ghost blog/newsletter -> https://news.elenarossini.com
#Varnish cache

I'm highly aware of my privilege and how lucky I am to be doing all this. But can I confess I'm a little bored? Thankfully I may have another big project on the horizon: upgrading my VPS and installing / self-hosting #PeerTube. But that will be for another week. Resting now and enjoying this sense of empowerment / digital sovereignty. Very grateful to be in this position.

Wishing you all a fantastic week!

#MySoCalledSudoLife

😂

#oc #security #skriptkiddie #cybersecurity #fail2ban #firewall #seinfeld #soupnazi