🐿️
18

Hit 1,000 suspicious logins blocked in a single night on my home server

I run a basic Pi-hole and Fail2ban setup at home, nothing fancy. Last night while working my night shift, I checked the dashboard on my phone during a break and saw we hit 1,000 blocked login attempts since midnight. That number caught me off guard because I thought my network was too small to attract that much attention. Turns out, bots just scan everything everywhere, even residential IPs. Most were from three IP ranges out of China and Russia trying to hit my SSH port. I had Fail2ban configured to ban after 3 failed attempts, which helped a ton. Makes me wonder what my firewall would look like without those tools running. Has anyone else checked their logs and found a number way higher than they expected?
2 comments

Log in to join the discussion

Log In
2 Comments
kevin_roberts41
Ban after 3 attempts is a bit aggressive since fail2ban works after the login fails.
1
eric_price
eric_price14d agoMost Upvoted
Actually the 3 attempt ban is probably fine for SSH but consider this - most brute force attempts against web apps or APIs will hit that limit before fail2ban even has time to assess the traffic pattern. So it might be better than waiting for fail2ban to catch up.
4