Re: Any way to limit SSH bruteforce scanning of VPS's on the node? [message #44683 is a reply to message #44675]
Wed, 21 December 2011 21:49
mustardman
Messages: 91 Registered: October 2009
Member
I'm familiar with fail2ban. It has its uses if you know how to set it up for yourself, which I do. I'm not a big fan of setting it up for customers on VPS's though. The process uses too much memory, which is at a premium on VPS's. Also, it's a bit awkward to set up. Again, not a problem if you are doing it yourself for your own use, but not if you want a cookie-cutter solution to bang out to customers.
The other solutions, same thing. Just adds more complexity. I'm looking for something that keeps it simple and just works. So in my mind that excludes anything that uses lists and processes and log files. Which leaves me with iptables, which is already built into the kernel, does not use more memory, does not add much if any overhead, and is usually already running.
Not sure what you mean about running fail2ban on the nodes and patching. I don't have problems on the nodes. I change the ssh ports on the nodes and use keys instead of passwords.
[Updated on: Wed, 21 December 2011 21:52]