Re: [bitfolk] Blocking IP Addresses

Author: Conrad Wood
Date:  
To: Chris Smith
CC: users
Subject: Re: [bitfolk] Blocking IP Addresses
On Mon, 2019-11-11 at 11:54 +0000, Chris Smith wrote:
> > On 11 Nov 2019, at 11:30, Conrad Wood <cnw@???> wrote:
> >
> > I read some reports on this list where people get random IPs
> > scanning/probing ports. I have that same issue of course.
> > I use a combination of fail2ban and some hooks in my software to
> > build up a blacklist of IPs over time.
> > My question is if it's feasible to have a bitfolk-hosted blacklist
> > of IPs. If we were all to report our probes and scans into a
> > (to-be-built) bitfolk system, we'd probably protect each other more
> > quickly and effectively.
>
> You might look at denyhosts, which I believe has a community
> blacklist at denyhosts.net. If you don’t want to use denyhosts
> explicitly, you may be able to synchronise that database content with
> fail2ban.
>
> It occurs to me though that these mechanisms would be an obvious
> vector for a DOS attack, by maliciously blacklisting harmless IP
> blocks. I don’t know what measures (if any) denyhosts has taken to
> prevent that.
>


I should have mentioned that I do use some community lists too. The
main point though I was attempting to convey was that I would consider
it beneficial if the blocking was done on a router upstream from the
VPS rather than on the VPS itself.

Conrad
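
An added example, not part of the thread and not how denyhosts or BitFolk work: one way a shared blocklist could resist the malicious-reporting problem raised above, by requiring several distinct reporters, expiring old reports, refusing whole prefixes and honouring an allowlist. The function name, thresholds and sample data are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: (reporter id, reported address, report time in epoch seconds).
SAMPLE_REPORTS = [
    ("vps-a", "203.0.113.7", 1000),     # three distinct reporters: blocked
    ("vps-b", "203.0.113.7", 1100),
    ("vps-c", "203.0.113.7", 1200),
    ("vps-a", "198.51.100.9", 1000),    # one reporter repeating itself: not blocked
    ("vps-a", "198.51.100.9", 1050),
    ("vps-a", "192.0.2.53", 1000),      # inside the allowlist: never blocked
    ("vps-b", "192.0.2.53", 1000),
    ("vps-c", "192.0.2.53", 1000),
    ("vps-b", "203.0.113.0/24", 1100),  # a whole block: rejected as input
    ("vps-a", "203.0.113.99", 10),      # stale report: ignored
    ("vps-b", "203.0.113.99", 1100),
    ("vps-c", "203.0.113.99", 1150),
]
SAMPLE_ALLOWLIST = ["192.0.2.0/24"]     # constructed: networks that must stay reachable


def build_blocklist(reports, allowlist, min_reporters=3, max_age=600, now=1300):
    """Return addresses that enough independent reporters flagged recently."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    reporters = {}  # address -> set of distinct reporter ids
    for reporter, raw, seen in reports:
        try:
            # Accept single hosts only; prefixes such as a.b.c.d/24 raise ValueError.
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue
        if now - seen > max_age:
            continue  # old reports expire, so a block does not last forever
        if any(addr in net for net in allowed):
            continue  # allowlisted networks cannot be blocked by any report
        reporters.setdefault(addr, set()).add(reporter)
    # A set per address means repeated reports from one source count once.
    return sorted(str(a) for a, who in reporters.items() if len(who) >= min_reporters)


if __name__ == "__main__":
    for ip in build_blocklist(SAMPLE_REPORTS, SAMPLE_ALLOWLIST):
        print(ip)
```

The resulting list could be fed to whatever does the blocking, on the VPS or on an upstream router.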