My system is being seriously bombarded. In the past I had created custom scripts with incremental firewall blocking (starting with a few minutes, then x2 over and over until the time was incredibly long. Easily helped handle intense dictionary attacks and more.)
That was long ago. Web/Virtualmin has fail2ban.
I have learned that since 0.11 – fail2ban as incremental blocking! I need this.
What would it take to get this, which is in the next version of Debian used by Web/Virtualmin?
I was aiming for releasing a beta vm7 installer for Alma/Rocky/RHEL tonight (er, last night) with plans to finish up Debian/Ubuntu by the weekend, but then I had to put out a half dozen fires due to an old server going offline and our glue records being out of date, among other things. So I’m at least a day behind that schedule. But, I may still finish it all up by the weekend. We’ll see.
moved to debian 11 last night on a production machine with virtualmin 6 gpl, cause some WP plugins don’t work with php7.3 anymore…
everything runs smoothly so far, and just enabled incremental blocking in fail2ban/jail.local… still not sure if/how that works, will be looking at it for the next days/weeks.
I’ll wait for @Joe 's beta, but will provide suggested incrmental configs ASAP after that. I’ve been using it for over two decades in my custom setup… amazingly effective.
(We just got burned by another way I had handled some things: static blocking of IP ranges for certain sources. The internet is simply not static… some of the static blocks now below to legit sources. Oops.)
Yeah, an upgrade should be fine. No major changes in Debian 11.
We just don’t yet support installs on Debian 11 yet. (And, fresh installs of Virtualmin 7 will be slightly better than Virtualmin 6 in the sense that it’s got less going on by default, and also uses MariaDB instead of MySQL. But, not many major changes in our installation, either.)
never heard of fail2ban incremental blocking before your post, thanks for this!!
it’s working fine for the past 2 days… never had any special issues, but i like the way it gradually blocks repeated offenders, without the need for recidive filter. nice!
