A little continuation of my fail2ban post.

Recently I was able to capture some real data from my server's fail2ban logs.

This is how the fail2ban log looks when banning IPs:

2012-10-21 12:54:16,032 fail2ban.actions: WARNING [ssh] Ban 112.4.172.217
2012-10-22 17:05:48,080 fail2ban.actions: WARNING [ssh] Ban 222.73.24.10
2012-10-22 18:36:55,892 fail2ban.actions: WARNING [ssh] Ban 202.96.199.150
2012-10-22 23:23:10,053 fail2ban.actions: WARNING [ssh] Ban 111.74.82.33
2012-10-23 05:06:53,861 fail2ban.actions: WARNING [ssh] Ban 74.206.235.92
2012-10-23 13:11:05,652 fail2ban.actions: WARNING [ssh] Ban 112.216.140.51
2012-10-24 19:31:55,504 fail2ban.actions: WARNING [ssh] Ban 60.161.124.10
2012-10-24 22:52:47,324 fail2ban.actions: WARNING [ssh] Ban 125.210.190.190
2012-10-25 04:20:06,184 fail2ban.actions: WARNING [ssh] Ban 109.163.234.238
2012-10-26 11:11:12,332 fail2ban.actions: WARNING [ssh] Ban 122.139.60.134

Very straightforward and easy to understand, which is always a good feature. Now let's look at the iptables entries:

DROP       all  --  122.139.60.134       0.0.0.0/0
DROP       all  --  109.163.234.238      0.0.0.0/0
DROP       all  --  125.210.190.190      0.0.0.0/0
DROP       all  --  60.161.124.10        0.0.0.0/0
DROP       all  --  112.216.140.51       0.0.0.0/0
DROP       all  --  74.206.235.92        0.0.0.0/0
DROP       all  --  111.74.82.33         0.0.0.0/0
DROP       all  --  202.96.199.150       0.0.0.0/0
DROP       all  --  222.73.24.10         0.0.0.0/0
DROP       all  --  112.4.172.217        0.0.0.0/0
DROP       all  --  31.3.214.241         0.0.0.0/0
DROP       all  --  193.104.68.200       0.0.0.0/0
DROP       all  --  219.146.225.147      0.0.0.0/0
DROP       all  --  64.185.226.120       0.0.0.0/0
DROP       all  --  58.221.252.194       0.0.0.0/0
DROP       all  --  212.68.50.132        0.0.0.0/0
DROP       all  --  205.251.141.29       0.0.0.0/0
DROP       all  --  121.10.140.215       0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
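
One way to cross-check the two listings above, added here as an example and not part of the original post: the script replays Ban/Unban lines from the log and compares the addresses still banned with the DROP sources in the chain. The function names are hypothetical, the Unban line is assumed to use the same layout as the Ban lines shown, and the 203.0.113.7 and 198.51.100.9 entries are constructed sample data.

```python
import re

# fail2ban.actions line: timestamp, jail in brackets, Ban or Unban, IPv4 address
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ fail2ban\.actions\s*: \w+\s+"
    r"\[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$")
# Rule row from `iptables -L -n`: target, prot, opt (printed as --), source, destination
RULE_RE = re.compile(r"^DROP\s+\S+\s+--\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+\S+")

# Sample input: the first three log lines and first four rule rows come from the
# post; the 203.0.113.7 and 198.51.100.9 log lines are constructed for this example.
LOG = """\
2012-10-24 22:52:47,324 fail2ban.actions: WARNING [ssh] Ban 125.210.190.190
2012-10-25 04:20:06,184 fail2ban.actions: WARNING [ssh] Ban 109.163.234.238
2012-10-26 11:11:12,332 fail2ban.actions: WARNING [ssh] Ban 122.139.60.134
2012-10-26 12:00:00,000 fail2ban.actions: WARNING [ssh] Ban 203.0.113.7
2012-10-26 12:10:00,000 fail2ban.actions: WARNING [ssh] Unban 203.0.113.7
2012-10-26 12:30:00,000 fail2ban.actions: WARNING [ssh] Ban 198.51.100.9
"""
IPTABLES = """\
DROP       all  --  122.139.60.134       0.0.0.0/0
DROP       all  --  109.163.234.238      0.0.0.0/0
DROP       all  --  125.210.190.190      0.0.0.0/0
DROP       all  --  31.3.214.241         0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
"""

def active_bans(log_text, jail="ssh"):
    """Replay Ban/Unban events in order; return {ip: time of the ban still in force}."""
    active = {}
    for m in filter(None, map(LOG_RE.match, log_text.splitlines())):
        if m["jail"] != jail:
            continue
        if m["action"] == "Ban":
            active[m["ip"]] = m["ts"]
        else:
            active.pop(m["ip"], None)  # an Unban cancels the earlier Ban
    return active

def dropped_sources(iptables_text):
    """Source addresses of every DROP row; RETURN and header rows are skipped."""
    return {m["src"] for ln in iptables_text.splitlines() if (m := RULE_RE.match(ln.strip()))}

def reconcile(log_text, iptables_text, jail="ssh"):
    logged, dropped = active_bans(log_text, jail), dropped_sources(iptables_text)
    return {"missing_rule": sorted(set(logged) - dropped),  # ban logged, no DROP rule
            "not_in_log": sorted(dropped - set(logged))}    # DROP rule, ban not in this log

if __name__ == "__main__":
    print(reconcile(LOG, IPTABLES))
```

An address under `missing_rule` means a logged ban has no matching firewall rule, while `not_in_log` lists rules whose ban event is not in the log text supplied.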

fail2ban, as I say in my post, is a must-have for SSH-based security.
With dynamic editing of the iptables firewall and clear logs, it really is an
admin's must-have app.

Stay secure!
