I put up a vps with nginx and the logs show dodgy requests within minutes, how do you guys deal with these?
Edit: Thanks for the tips everyone!
I put up a vps with nginx and the logs show dodgy requests within minutes, how do you guys deal with these?
Edit: Thanks for the tips everyone!
Depends on what kind of service the malicious requests are hitting.
Fail2ban can be used for a wide range of services.
I don’t have a public facing service (except for a honeypot), but I’ve used fail2ban before on public ssh/webauth/openvpn endpoint.
For a blog, you might be well served by a WAF, I’ve used modsec before, not sure if there’s anything that’s newer.
Waf is the way to go I think. Fail2ban has had it’s own issues over the years, and if you use keys then you can forget about the constant SSH attempts. The ‘AllowUsers’ option in your SSH config is a good place to start too.
I just find all of these “lock down port 22” posts to be so noobish. Declarative waf is the way to go