gpg: Signature made Fri Mar 2 12:25:56 2018 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hi Conrad,
On Fri, Mar 02, 2018 at 12:19:11PM +0000, Conrad Wood wrote:
> I found blocking large network ranges for upto 60 minutes worked well
> for my kind of ssh, together with an IP Whitelist of my most common IPs
> . Perhaps an agressive fail2ban policy together with a user-maintained
> ip whitelist would work well for bitfolk?
Yes, it may be a workable idea to block port 22 access completely
but then allow people to supply some allowed netblocks via the web
panel.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
