[wellylug] Blocking bad IPs from server
Cliff Pratt
enkidu at cliffp.com
Sat Jan 27 11:06:00 NZDT 2007
John Durham wrote:
> Daniel Pittman wrote:
>>
> At this stage I am far from compiling modules. It's not like my old Z80
> days compiling from assembler any more. I'm not even sure of the
> language you are talking about. What would it be? Thanks for the
> fail2ban recommendation.
>
[lot's snipped]
John, what ports do you have open to the Internet? If you only have
ports 80 (http) and 443 (https) open to the Internet, then there is
little to be gained from a blacklist. A better approach would be to
ensure that nothing on your machine is vulnerable, and that principally
means not opening any incoming ports and ensuring that you only have
safe scripts. The last bit is the hardest.
Cheers,
Cliff
More information about the wellylug
mailing list