For those who do not know, I got struck down with depression four years ago and it took me nearly a year to get back to being on a somewhat even keel. And in general I suck at blogs, because I do not necessarily remember to post to them. However, a couple of recent events brought it to my attention and I thought I would post about it here.
I bought a rackmount server last year, and I have slowly been moving things to it. I have Dovecot (IMAP server) running on it. I have Exim (SMTP), I have nginx (http/https), I have INN2 (NNTP) and I have containers, Kerberos and a few other things. I have also managed to acquire a 10G switch and 10G NICs, so I have finally made this box the router/gateway for the home. A firewall is essential, and while UFW probably could do the job, firewalld leverages nft directly rather than going via the old iptables API. And I have been able to get IPv6 working via Karabro.se as well. But I noticed that this wiki was not responding, so I restarted it. And rapidly it would become unresponsive again, and again. So I started looking into why.
Sitting with IPTraf-ng and looking at connections, I noticed a lot of IP addresses from the 177.93.0.0/16 network would connect (just SYN-ACK and then sit there), overloading XWiki and causing it to be unresponsive. So I blocked them in the firewall. But then I started looking at other logs for services I run and would find other networks and IP addresses getting up to no good. I tried initially on my own to stem the tide, but then I recalled Fail2Ban. So I have set it up, with geometric acceleration on ban time, and for the first time in weeks, the MRTG graphs are looking calmer. Logs are looking calmer. For SSHD, it is not ten attempts per minute, it is one attempt per ten minutes. And that is not even after 24 hours.
So the TL;DR is: if you are running Linux and are exposed to the internet, look at fail2ban. Have it observing your main services' logs and take evasive action when they are targeted. It will save your bandwidth and it will save your services from a breach.
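As an added illustration (this is not the author's own configuration), here is what a `jail.local` covering the services mentioned above looks like with escalating ban times enabled. The jail names (`sshd`, `dovecot`, `exim`, `nginx-http-auth`), the `bantime.*` options and the `firewallcmd-*` actions are the stock ones shipped with fail2ban 0.11 and later; the `ignoreip` LAN range is a placeholder and the `firewallcmd` choice assumes firewalld is the active firewall, as on the box described.

```ini
# /etc/fail2ban/jail.local  (example; overrides the packaged jail.conf)
[DEFAULT]
# First offence: 5 failures within 10 minutes earns a 10 minute ban.
bantime  = 10m
findtime = 10m
maxretry = 5

# Geometric escalation for repeat offenders. With the stock formula the
# n-th ban lasts bantime * 2^n, capped at bantime.maxtime; rndtime adds
# jitter so a bot cannot predict exactly when it is let back in.
bantime.increment = true
bantime.factor    = 1
bantime.maxtime   = 5w
bantime.rndtime   = 30m
# Count previous bans from any jail when escalating, not just this one.
bantime.overalljails = true

# Never ban yourself: loopback plus the home LAN (placeholder range).
ignoreip = 127.0.0.1/8 ::1 192.0.2.0/24

# Push bans into firewalld (assumption: firewalld, nft backend, is the
# active firewall on this host).
banaction          = firewallcmd-multiport
banaction_allports = firewallcmd-allports

[sshd]
enabled = true
# 'aggressive' also matches pre-auth disconnects and bad protocol banners.
mode    = aggressive

[dovecot]
enabled = true

[exim]
enabled = true

[nginx-http-auth]
enabled = true
```

After `systemctl reload fail2ban`, `fail2ban-client status` lists the active jails and `fail2ban-client status sshd` shows the currently banned addresses and the running total, which is the quickest way to confirm the log paths and filters actually matched something before relying on the MRTG graphs to tell you.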