I put up a vps with nginx and the logs show dodgy requests within minutes, how do you guys deal with these?

Edit: Thanks for the tips everyone!

  • apigban@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Depends on what kind of service the malicious requests are hitting.

    Fail2ban can be used for a wide range of services.

    I don’t have a public facing service (except for a honeypot), but I’ve used fail2ban before on public ssh/webauth/openvpn endpoint.

    For a blog, you might be well served by a WAF, I’ve used modsec before, not sure if there’s anything that’s newer.

    • LastoftheDinosaurs@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      1 year ago

      Waf is the way to go I think. Fail2ban has had it’s own issues over the years, and if you use keys then you can forget about the constant SSH attempts. The ‘AllowUsers’ option in your SSH config is a good place to start too.

      I just find all of these “lock down port 22” posts to be so noobish. Declarative waf is the way to go

      Edit: Red Hat Identity Management (IdM) + Hashicorp Vault if you really care about SSH. Rotate your keys and create new users automatically