A record of what fail2ban blocked in the week after I configured it
source link: http://i.lckiss.com/?p=7765
2022-01-19
I'll just paste the IPs that iptables has banned, as follows:
target     prot opt source                       destination
REJECT     all  --  39.103.152.13                anywhere             reject-with icmp-port-unreachable
REJECT     all  --  101.133.224.74               anywhere             reject-with icmp-port-unreachable
REJECT     all  --  39.103.165.234               anywhere             reject-with icmp-port-unreachable
REJECT     all  --  vmi593068.contaboserver.net  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  101.133.149.35               anywhere             reject-with icmp-port-unreachable
REJECT     all  --  206.189.125.204              anywhere             reject-with icmp-port-unreachable
REJECT     all  --  198.98.51.76                 anywhere             reject-with icmp-port-unreachable
REJECT     all  --  68.183.148.131               anywhere             reject-with icmp-port-unreachable
REJECT     all  --  101.133.226.161              anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere                     anywhere
Once a client has been blocked, messages like the following show up in the nginx error log:
2022/01/18 14:18:25 [error] 25#25: *379952 recv() failed (104: Connection reset by peer) while proxying and reading from upstream, client: 89.248.165.25,
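The size of the related logs from last week up to now is also pretty astonishing:
So in the earlier years, when I didn't know much, I was just silently taking these attacks. My passwords are all randomly generated with 1Password and everything else goes over SSH, but I'm still afraid that someone might get lucky. The logs also show plenty of tricks, such as credential stuffing, attempts to create scripts, or requests for files that get generated by default, though in general they didn't succeed. If there really is a vulnerability in a program, there's nothing I can do about it; I do what I can and leave the rest to fate.
This weekend I'll find time to write up how to configure fail2ban in Docker. It's fairly simple overall, but I'll record it anyway.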