
You may have accidentally reinvented https://en.wikipedia.org/wiki/Fail2ban :)



That wasn't really the point of the article; I'm showing how to gather data on where they came from. Blocking is completely optional, and not for everyone.


fail2ban is saving my bacon right now.


From what? Generally fail2ban only exposes unnecessary attack surface while providing zero benefit.


How does fail2ban expose attack surface?


It's code running on partially attacker-controlled inputs. It several times had vulnerabilities that allowed an attacker to trigger blocks for arbitrary IPs.


I remember there's a privEsc on old versions of fail2ban.


Do you remember roughly when the privEsc was?

https://www.cvedetails.com/vulnerability-list/vendor_id-5567...


Sketchy parsers operating on untrusted, unstructured log data.

fail2ban is worse than useless.
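An illustration of the parsing problem raised in the comments above (attacker-influenced text in log lines, blocks triggered for an address the attacker picks), as an added example that is not part of the thread and not fail2ban's own code. The log lines, both regexes and the function names are constructed for illustration, and the strict pattern assumes the daemon writes the `from <ip> port <n> ssh2` tail itself.

```python
import re
from collections import Counter

# Constructed sshd-style lines (not from the thread). The client is 198.51.100.7;
# the username it sent is "x from 203.0.113.9 port 1 ssh2", so an address it
# chose appears earlier in the line than the address the daemon recorded.
USER = "x from 203.0.113.9 port 1 ssh2"
SAMPLE_LOG = [
    f"Jan 10 12:00:0{i} host sshd[81{i}]: Failed password for invalid user "
    f"{USER} from 198.51.100.7 port 4002{i} ssh2"
    for i in range(1, 4)
] + ["Jan 10 12:00:09 host sshd[819]: Accepted password for alice "
     "from 192.0.2.10 port 50100 ssh2"]

IPV4 = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Loose: unanchored with a lazy wildcard; takes the first "from <ip>" it sees,
# which sits inside the client-supplied username.
LOOSE = re.compile(r"Failed password for .*? from " + IPV4)

# Strict: anchored at both ends; the greedy wildcard plus "$" forces the host
# to be the final "from <ip> port <n> ssh2", the part written by the daemon.
STRICT = re.compile(
    r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from " + IPV4 + r" port \d+ ssh2$"
)

def failures(lines, pattern):
    """Count failed-login lines per extracted host."""
    hits = Counter()
    for line in lines:
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits

def to_ban(lines, pattern, threshold=3):
    """Hosts whose failure count reaches the threshold."""
    return sorted(h for h, n in failures(lines, pattern).items() if n >= threshold)

if __name__ == "__main__":
    print("loose :", to_ban(SAMPLE_LOG, LOOSE))   # address taken from the username
    print("strict:", to_ban(SAMPLE_LOG, STRICT))  # address the daemon recorded
```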



