Facebook
Twitter
pr0tax
New Pleskian
I've been monitoring my server logs (the realtime log browser) and even though my HW firewall is setup to only permit access to a particular set of ports (ie: apache/nginx/ftp) etc. I still see a constant stream of bots/ips/servers trying to access SSH on my server and being unsuccessful.
I use a custom SSH port, so not the default 22 or 2222. However, I am getting tired of seeing the relentless port scans, in particular SSH scans on random ports so I first looked up port knocking, I was close to installing and configuring it but a few articles put me off.
Instead, I thought, maybe I could just be absolutely hardcore and lifetime ban ANY ip address that tries to access SSH through *any* port number that isn't my custom one.
My question is, I'm not overly familiar with iptables in fail2ban, so I ChatGPT'd it and I just wanted some guidance and advice before I proceed to try it. I also want advice on whether this is a good move to do. I am fully aware of my custom port number, so there's not really any chance of me locking myself out.
TIA.
I use a custom SSH port, so not the default 22 or 2222. However, I am getting tired of seeing the relentless port scans, in particular SSH scans on random ports so I first looked up port knocking, I was close to installing and configuring it but a few articles put me off.
Instead, I thought, maybe I could just be absolutely hardcore and lifetime ban ANY ip address that tries to access SSH through *any* port number that isn't my custom one.
My question is, I'm not overly familiar with iptables in fail2ban, so I ChatGPT'd it and I just wanted some guidance and advice before I proceed to try it. I also want advice on whether this is a good move to do. I am fully aware of my custom port number, so there's not really any chance of me locking myself out.
TIA.
