We have several installs from distro on which we have recently updated the OS through Module Admin (great feature!). Subsequent to those updates (version 220.127.116.11) Fail2Ban is being kept quite busy, just as we are, blacklisting the “mostly” Eastern Bloc countries’ IP blocks.
- What got updated in the OS updates that caused a new flag to be raised to the hacker community?
- Fail2Ban is not responding as quickly as the settings. We set it at 5 attempts and lockout of 172800 seconds (2 days) yet we get Fail2Ban notices on the same IP 12 hours apart after 15 attempts, not five and not 2 days later. Why?
- There was work being done on the firewall module in FreePBX to auto-blacklist attackers’ IPs. What happened to that project?
Appreciate any insights.
Side note: when we blacklist the attacking IP blocks they go away (firewall is doing a great job), but it is time-consuming and after the fact.