18
Hit 1,000 suspicious logins blocked in a single night on my home server
I run a basic Pi-hole and Fail2ban setup at home, nothing fancy. Last night while working my night shift, I checked the dashboard on my phone during a break and saw we hit 1,000 blocked login attempts since midnight. That number caught me off guard because I thought my network was too small to attract that much attention. Turns out, bots just scan everything everywhere, even residential IPs. Most were from three IP ranges out of China and Russia trying to hit my SSH port. I had Fail2ban configured to ban after 3 failed attempts, which helped a ton. Makes me wonder what my firewall would look like without those tools running. Has anyone else checked their logs and found a number way higher than they expected?
2 comments
Log in to join the discussion
Log In2 Comments
kevin_roberts4114d ago
Ban after 3 attempts is a bit aggressive since fail2ban works after the login fails.
1
eric_price14d agoMost Upvoted
Actually the 3 attempt ban is probably fine for SSH but consider this - most brute force attempts against web apps or APIs will hit that limit before fail2ban even has time to assess the traffic pattern. So it might be better than waiting for fail2ban to catch up.
4