For those saying "why fail2ban?", fail2ban can be used for a great deal more tha... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

walrus01 on June 16, 2016 | parent | context | favorite | on: My First 10 Minutes on a Server

For those saying "why fail2ban?", fail2ban can be used for a great deal more than just watching the sshd log. You can activate fail2ban rules for apache and nginx which help significantly with small DDoS, turning spurious traffic/login attempts into iptables DROP rules. And a lot of other daemons.

KB1JWQ on June 16, 2016 [–]

At least one log parsing tool I've seen in years past was vulnerable to log injection attacks. Hilarious proof of concept to own a box by way of PTR record.

I haven't checked to see whether fail2ban suffers from this model or not.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact