Conversation

Notices

Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 15-Aug-2022 06:57:10 UTC Jan Wildeboer 😷:krulorange:

You know what? You continuously try to brute force your way into my mail server, you ignore abuse@ e-mails. You get blocked completely.
rule family="ipv4" source address="141.98.10.0/24" reject
rule family="ipv4" source address="141.98.11.0/24" reject
rule family="ipv4" source address="45.125.66.0/24" reject

In conversation Monday, 15-Aug-2022 06:57:10 UTC from social.wildeboer.net permalink
- Bernie (codewiz@mstdn.io)'s status on Monday, 15-Aug-2022 06:57:08 UTC Bernie
  in reply to
  
  @jwildeboer Long ago I made a bash script called "ipkill" which adds an IP to my iptables rules and reloads the table.
  A primitive tool that served me well before the availability of slightly smarter stuff like fail2ban.
  
  In conversation Monday, 15-Aug-2022 06:57:08 UTC permalink
- Tim 🐧 (tim@social.techn1k.de)'s status on Tuesday, 16-Aug-2022 06:28:36 UTC Tim 🐧
  in reply to
  - Bernie
  @codewiz Same here. After I found out that many of the IP in the postfix log also show up in the nginx log, I decided to use the "sledgehammer method":
  
  grep ': connect from unknown' /var/log/mail | cut -d '[' -f3 | sed 's/]$//' | sort -u
  
  Everything found in the postfix log this way ends up on my perimeter firewall's blocklist for at least 30 days.
  
  The script for this runs every 2 hours on my mail server. Since I've been doing this, the number of port scans, web server "pentests" etc. has decreased significantly.
  
  @jwildeboer
  
  In conversation Tuesday, 16-Aug-2022 06:28:36 UTC permalink

Public

Notices

Feeds