17
Pro tip: I just blocked my 10,000th login attempt on my home server
In my experience, setting up a simple fail2ban rule to block IPs after 5 bad tries caught way more bots than I expected. The log showed over 9,000 attempts came from just three IP ranges in a single week. It really shows you can't just rely on a strong password alone. Has anyone else seen a specific number that made them step up their basic network security?
3 comments
paige_ellis59 18d ago
Wait, that's actually fail2ban doing the blocking, right?
1
willow_garcia 1d ago
Hold up, "fail2ban just runs the firewall commands for you"? That's the whole point, it's automated. The scary part is when you don't realize it's been running for years and your block list is a mile long. Then every single packet hits a wall of rules before it even gets looked at. That's when your server starts feeling like it's running through mud.
7
tylermurray18d ago
Oh good catch, paige_ellis59. People forget that fail2ban just runs the firewall commands for you. The real question is if the block list is getting too big and slowing things down. I've seen systems crawl because they were trying to check thousands of blocked IPs against every single connection. Makes you wonder if just banning whole networks is sometimes easier.
3
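The original post's observation that most attempts came from a few ranges, and tylermurray's point about banning whole networks to keep the block list short, can be checked against your own logs. This is an added example, not code from anyone in the thread: it counts sshd failures per IP, applies the post's 5-try threshold, and collapses clustered offenders into one range entry. The /24 grouping, the 3-host cutoff, the function names and the sample log lines are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# OpenSSH "Failed password" line; IPv4 sources only in this sketch.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")
MAXRETRY = 5   # per-IP threshold, the "5 bad tries" from the post
PREFIX = 24    # assumption: group sources by /24
MIN_HOSTS = 3  # assumption: offenders needed in one /24 before banning the range


def failures_per_ip(lines):
    """Count failed-password events per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[ipaddress.ip_address(m.group(1))] += 1
    return counts


def plan_bans(lines):
    """Return (networks, single_ips) so clustered offenders cost one entry."""
    by_net = {}
    for ip, n in failures_per_ip(lines).items():
        if n >= MAXRETRY:
            net = ipaddress.ip_network(f"{ip}/{PREFIX}", strict=False)
            by_net.setdefault(net, []).append(ip)
    networks = sorted(net for net, ips in by_net.items() if len(ips) >= MIN_HOSTS)
    singles = sorted(ip for ips in by_net.values() if len(ips) < MIN_HOSTS for ip in ips)
    return networks, singles


def sample_log():
    """Constructed auth.log lines using documentation address ranges."""
    hosts = {"203.0.113.7": 6, "203.0.113.19": 5, "203.0.113.200": 8,
             "198.51.100.4": 5, "192.0.2.33": 2}
    lines = [f"Jan 10 03:14:{i:02d} home sshd[812]: Failed password for "
             f"invalid user admin from {ip} port 40022 ssh2"
             for ip, n in hosts.items() for i in range(n)]
    lines.append("Jan 10 03:20:00 home sshd[812]: Accepted publickey for "
                 "alice from 192.0.2.33 port 50514 ssh2")
    return lines


if __name__ == "__main__":
    networks, singles = plan_bans(sample_log())
    print("ban ranges:", [str(n) for n in networks])
    print("ban hosts: ", [str(i) for i in singles])
```

A range ban also blocks every legitimate user in that range, so review the proposed networks before adding them to the firewall.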