For example, something that is too complex for your comfort level, a security concern, or maybe your hardware can’t keep up with the service’s needs?

  • StarDreamer
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago

    CrowdSec has completely replaced fail2ban for me. It’s a bit harder to setup but it’s way more flexible with bans/statistics/etc. Also uses less ram.

    It’s also fun to watch the ban counter go up for things that I would never think about configuring on fail2ban, such as nginx CVEs.

    Edit: fixed url. Oops!

    • Anafroj@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Thanks for mentioning it, I didn’t know about it. Protecting against CVEs sounds indeed awesome. I took a more brutal approach to fix the constant pentesting : I ban everyone who triggers a 404. :D Of course, this only work because it’s a private server, only meant to be accessed by me and people with deep links. I’ve whitelisted IPs commonly used by my relatives, and I’ve made a log parser that warns me when those IPs trigger a 404, which let me know if there are legit ones, and is also a great way to find problems in my applications. But of course, this wouldn’t fly on a public server. :)

      Note for others reading this, the correct link is CrowdSec