That is what I thought was going on, but I wasn't sure. I have written a bash script that auto-builds an iptables record that DROPs any intrusive hits to my web page (404, POST, PUT, DELETE, PATCH, TRACE, HEAD, CONNECT) or SSH hits (Failed password, POSSIBLE BREAK-IN ATTEMPT, authentication failure, Did not receive, Invalid user). It is probably similar to Fail2Ban, only it never reopens the DROPped IPs. I thought I would clean up the DROPs if they were 0.
Thanks.
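The cleanup idea mentioned in the post above, sketched as an added example that is not part of the original post or the poster's script: it reads a listing in the format of `iptables -L INPUT -n -v -x --line-numbers` and prints delete commands for DROP rules whose packet counter is 0. The function names and the sample listing are constructed for illustration, and the `INPUT` chain is an assumption.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -n -v -x --line-numbers` output.
# Addresses come from the documentation ranges; this is not real data.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 1234 packets, 567890 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1           0        0 DROP       all  --  *      *       203.0.113.7          0.0.0.0/0
2          42     2520 DROP       all  --  *      *       198.51.100.23        0.0.0.0/0
3           0        0 DROP       all  --  *      *       192.0.2.99           0.0.0.0/0
4       10321   600123 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
EOF
}

# Read a listing on stdin and print "<rule number> <source>" for every DROP
# rule with a zero packet counter, highest rule number first.
# Columns: $1=num $2=pkts $3=bytes $4=target ... $9=source.
zero_hit_drops() {
  awk '$1 ~ /^[0-9]+$/ && $4 == "DROP" && $2 == "0" { print $1, $9 }' |
    sort -k1,1nr
}

# Turn that list into delete commands. Deleting from the highest number down
# matters: removing rule 1 first would renumber rule 3 to 2, and the next
# delete would hit the wrong rule.
prune_commands() {
  zero_hit_drops | while read -r num src; do
    printf 'iptables -D INPUT %s\n' "$num"
  done
}

# Dry run against the constructed sample. On a live host, feed it
#   iptables -L INPUT -n -v -x --line-numbers
# and review the output before running any of it.
# Note: a counter of 0 only means no packets matched since the rule was added
# or the counters were last reset (for example by `iptables -Z` or a
# restore after reboot), not that the address never came back.
sample_listing | prune_commands
```
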