80
this post was submitted on 17 Apr 2024
80 points (97.6% liked)
Cybersecurity
5626 readers
36 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
There's a few ways to do it; but if they block based on username it can lockout legitimate users too.
This is what fail2ban is for. Too many failed auths from an IP and that whole IP is blacklisted for a day or two. This can still catchout vpn users, but it's still less disruptive.
Many blocked for an hour or even just 10 mins. at the time it was enough to get the attack scripts to change targets.
I went a bit overboard I think with my fail2ban configuration. If you fail 2 times to login in any admin interfaces (ssh, web, etc), you get banned for around 4880 days.. I have too many banned IPs already.. :/