rullzer

A while ago I wrote a little story about fail2ban. Back then I was using an unstable version (turned out later). And it did not work that well at the time.

However today I was updating the router and I checked all open connections (It can keep track of that) and I noticed some connections going to my server that I could not find out. Some people use my server for svn etc. But I recognize those IP’s most of the time. So anyway. I opened auth.log on the server (again) and I noticed a lot of login failures like: NTadmin, admin etc. So I figured I was in somebodies scanning range again and I decided that I would give fail2ban another try.

Currently version 0.8.0 is the latest and the even releases are stable. So that should be save. However they switched the entire configuration. Not a problem but you need to know it So after some easy configuring I started fail2ban. Worked like a charm. 5 minutes later all the unknown connections dropped (got killed) so another fine program to use.