debian

Block misbehaving IP addresses using Fail2Ban and AbuseIPDB

— Maarten Mulders

When you operate servers, whether physical or virtual, at some point in time you may find yourself victim to bots or botnets trying to access your server over SSH. Even if you configure your server to not expose SSH on port 22 (the default), chances are you will be a target at some point. This is especially true if your server is hosted in a public cloud, since these typically reserve ranges or blocks of IP addresses. Apart from making it as hard as possible to scan your server, you can also serve the community and report those attacks.

Checking logfiles with logcheck

— Maarten Mulders

If you own a private server, like me, you’ll probably know the feeling you need to check your logfiles every now and then. It’s not a lot of work, it’s not difficult, but it needs to be done, and it needs to be done regularly. As for me, the solution is simple. I installed the logcheck tool. This nice little tool will send you a daily email with all logging information on your system.