El 04/10/17 a las 08:41, Fr33d0m4all escribió:
I know, I know about how internet works :) I’ve just simply noted a large increase in SSH brute force attempts in the last two weeks. BTW I don’t have root login enabled and I have two factor authentication on my SSH port (not standard), which is enabled only for a single low privileges user, so there’s no problem. I work for a provider and I manage IPS devices, so I know that it is common to have a large amount of intrusion attempts, I was just wondering if there was some attack against Tor nodes going on since the increase of intrusion attempts in the last few weeks :)
Best regards,
Also, you could consider pam-abl (auto blacklisting) instead of fail2ban. Relying on PAM, it doesn't need to process the logs to ban hosts or users.