Intrusion prevention isnt showing any blocked threats or ip's.
I know ive been hit with SSH attacks when i have it open and running for remote stuff. Ive seen the same idiot trying to get in over and over on one day but nothing was showing up.
Under COS 5.2 I would have 10 blocked in there at a minimum all the time.
What gives? Glitch?
I know ive been hit with SSH attacks when i have it open and running for remote stuff. Ive seen the same idiot trying to get in over and over on one day but nothing was showing up.
Under COS 5.2 I would have 10 blocked in there at a minimum all the time.
What gives? Glitch?
Share this post:
Responses (2)
-
Accepted Answer
There are very few block rules in the default installation. Many of the 5.2 rules were very old/obsolete. If you want better rules go to Emerging Threats. Go for the No GPL rules so you won't get any clash with the supplied rule set. Alternatively you can take out a ClearCare subscription.
As a separate line of defence, quite a few people have posted about Fail2ban which sounds quite good.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »