On 2024-04-28 11:03, Charles Dennett wrote:
On 4/28/24 10:31 AM, Frank Bures wrote:
Hi,
My machine is exposed to the wild and I was seeing hundreds of connection
attempts per day in my logs and in fail2ban.log.
All these nefarious activities ceased after upgrade to F40.
Question:
Is there something fundamentally different in F40 connectivity?
I can still connect from outside on pre-defined ports using ssh so my ISP
is not blocking anything.
I also use fail2ban to keep the riff-raff out of my home web server. I
also have ssh on a non-standard port and smtp and imap/pop. I saw no
difference between 39 and 40. I even have some jails set to aggressive
mode plus one wrong move and the IP is banned. Sorry, but I have to ask.
It is running, right? What are the lines in the fail2ban log when it
starts? Can you connect from the outside to whatever ports you have open?
Does "sudo systemctl status fail2ban" tell you anything?
Those were the first things I checked. Everything is OK.
The problem is that there are no connection attempts in /var/log/secure or
/var/log/messages so obviously f2b has nothing to do. There are only
legitimate connections by me in the logs. Where have all the attackers gone?
Cheers
Frank
--
<listfrank1@xxxxxxxxx>
--
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
