A lot of anonymous IP addresses are being banned in the log

I check the log every day, and I always see random IP addresses being banned then unbanned in the log. I don't know those IP addresses. Should I worry about that?

No. It just means that fail2ban is working correctly.


But all of these IP addresses are from different countries, and are banned for the firewall services SSH and MAIL. Are those hackers? Should I do a permanent ban for those IPs?
Can I modify anything in the fail2ban config to improve security, as there are a lot of IPs being banned then unbanned?
Please advise, I’m new to HestiaCP

You should read about how to set up some additional IPSet blacklists for different services:

Limit access to your SSH service, e.g. through the firewall or /etc/hosts.allow

# Location 1 / Location 2 / Location 3
sshd: XX.XX.XX.XXX, XX.XX.XX.XXX, XX.XX.XX.XXX

Make sure you set up multiple IPs in case one changes unexpectedly.
(I have, e.g., some VPN IPs to connect to when I'm on the road.)

Set /etc/hosts.deny

sshd: ALL
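An added example, not part of the thread or of HestiaCP: a small Python check of which client addresses a hosts.allow / hosts.deny pair like the one in the reply above would admit to sshd, worth running before putting `sshd: ALL` into /etc/hosts.deny. It covers only a subset of the hosts_access(5) client patterns (ALL, literal IPv4, trailing-dot prefix, net/mask), and the addresses are constructed documentation-range placeholders.

```python
import ipaddress

# Constructed sample files; the addresses are documentation-range placeholders.
HOSTS_ALLOW = """\
# Location 1 / Location 2 / VPN range
sshd: 192.0.2.10, 198.51.100.7, 203.0.113.0/255.255.255.0
"""
HOSTS_DENY = "sshd: ALL\n"

def parse_rules(text):
    """Return [(daemons, clients)] for each 'daemon_list : client_list' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue  # comment, blank line, or not a rule
        daemons, clients = line.split(":", 2)[:2]  # ignore any option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Subset of client patterns: ALL, literal, 'a.b.' prefix, net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip

def matches(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, ip) for p in clients)
               for daemons, clients in rules)

def decide(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allowed."""
    if matches(parse_rules(allow_text), daemon, ip):
        return "allow"
    if matches(parse_rules(deny_text), daemon, ip):
        return "deny"
    return "allow"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.44", "198.51.100.8"):
        print(ip, decide("sshd", ip))
```

Any address you connect from that comes back as `deny` here would be locked out once the deny rule is in place.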

What can I do to limit the SSH service if I don't have a static IP connection (should I install a VPN server on my VPS?)?
Is there any way to update the exim4 blacklist, like weekly, using a cron job?

No, you can connect through VPN to your server… Please read official documentation and my setup guides. They are very much newbie-proof.
