MobileRead Forums - View Single Post

chaley · 07-26-2017, 07:37 AM

I use fail2ban on my linux-based VPS. It can take a bit of setup to get things right, especially with a service that isn't included in the normal configuration, but once it is running it works well. On my setup it deals with attacks on sendmail, apache (proxy attacks, wordpress, etc), calibre, and other tools. I handle ssh attacks differently because a) there are so many attacks, sometimes coming at rates of 100s per second, and b) I publish the list of attacking IPs as a host.deny file.

I wouldn't ever expose a computer on my home network to the internet no matter what operating system it runs. If a bad guy gets into that machine then there is a very good chance that every other machine on the home net will be hacked. In the past I have built a real DMZ (two firewalls with double-NAT), but these days a cheap VPS works as well or better and I don't need to maintain the hardware.

07-26-2017, 07:37 AM	#5
chaley Grand Sorcerer Posts: 12,447 Karma: 8012886 Join Date: Jan 2010 Location: Notts, England Device: Kobo Libra 2	I use fail2ban on my linux-based VPS. It can take a bit of setup to get things right, especially with a service that isn't included in the normal configuration, but once it is running it works well. On my setup it deals with attacks on sendmail, apache (proxy attacks, wordpress, etc), calibre, and other tools. I handle ssh attacks differently because a) there are so many attacks, sometimes coming at rates of 100s per second, and b) I publish the list of attacking IPs as a host.deny file. I wouldn't ever expose a computer on my home network to the internet no matter what operating system it runs. If a bad guy gets into that machine then there is a very good chance that every other machine on the home net will be hacked. In the past I have built a real DMZ (two firewalls with double-NAT), but these days a cheap VPS works as well or better and I don't need to maintain the hardware.