When your company hosts a website or web app online, whether it’s an individual dedicated server or a whole server cluster, you naturally expect to have uninterrupted access at all times. However, it’s possible that in rare circumstances, your server could accidentally block your IP and prevent you from connecting and using the service.
If that has happened to you, this quick summary will provide you with all the essential information needed to verify the status of your IP. Additionally, we will offer some of the most common reasons for being blocked, as well as a few suggestions on how to unblock and whitelist your IP as quickly as possible.
Fail2ban is an open-source software that actively scans the servers log files in real-time for any brute force login attempts, and if found, summarily blocks the attack using the servers firewall software (firewalld or iptables). Fail2Ban runs as a background process and continuously scans the log files for unusual login patterns and security breach attempts.
Have you ever logged into your server and seen a message like this?
Last failed login: Fri Dec 28 11:37:02 MST 2018 from 192.168.0.102 on ssh:notty
There were 942 failed login attempts since the last successful login.
Last login: Mon Dec 24 13:35:57 2018 from 192.168.0.101
Reading Time: 3minutesOne of the simplest goals of server security is keeping administrator credentials private. There is no better way to achieve this than through strict firewall rules that only allows specific IPs to authenticate. However, there are some situations where it is necessary to open a login prompt to the broader Internet. In this case, the only thing barring anonymous internet users from unauthorized access is your password. The stronger your password, the better off you are, but even the most cryptic passwords can be guessed given enough tries.
Continue reading “Malicious Activity Detector (MAD) for Windows”→