Hackers & Scanners' IP

0. Preface

Since Pagoda released the log audit feature, I have often seen IPs failing SSH logins in large numbers, so I block them manually.

Tip:
Log auditing is a feature of the enterprise edition.

To install the happy version, refer to the article on this site:

Install Pagoda 7.9.0 Enterprise Edition
https://blog.tsinbei.com/archives/293/

After installing a honeypot, I found that there are even more IPs scanning my ports all the time. Once a vulnerability is found and exploited, the consequences will be disastrous.

For server security related configuration, please refer to the article on this site:

Server Security (1) Pagoda Panel Defense
https://blog.tsinbei.com/archives/125/

After my configuration, I think it is very safe. However, there are still people who try to attack, so I have been manually blocking their IPs. Before, I only blocked IPs in the Pagoda firewall. Later, I found that the server was still accessible after blocking; it just returned 444. So I went directly to the system firewall and blocked them there, so that they can't access any of my stuff at all.

So, I would like to share my "results" here.

Tip:
The existing IP blacklist will not be overwritten, and there is no need to worry about conflicts with entries you already have: duplicates are recognized automatically when the list is imported into Pagoda.
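
As an added example (not from the original post, and not Pagoda's own code or blacklist file format): the workflow described above, counting failed SSH logins per source in constructed log lines, merging offenders into an existing list without duplicates, and rendering a host-firewall rule set so a listed address is dropped on every port instead of only receiving 444 from NGINX. The nftables table and set names, the threshold of 3, the allow-list parameter and single-address (non-CIDR) entries are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth-log style (documentation-range IPs).
SAMPLE_LOG = """\
Dec  7 03:12:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Dec  7 03:12:03 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Dec  7 03:12:05 host sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 51240 ssh2
Dec  7 03:15:40 host sshd[1210]: Failed password for root from 198.51.100.23 port 40022 ssh2
Dec  7 03:21:02 host sshd[1220]: Accepted publickey for deploy from 192.0.2.10 port 50502 ssh2
"""

# Greedy ".*" reads the address from the end of the line, after the user name.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def failed_logins(log_text):
    """Count failed SSH password attempts per valid source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            pass  # source field was not an IP literal
    return counts

def merge_blacklist(existing, counts, threshold=3, allow=()):
    """Add offenders to an existing list; never overwrite or duplicate entries."""
    allowed = {ipaddress.ip_address(a) for a in allow}
    merged = {ipaddress.ip_address(e) for e in existing}
    merged |= {ip for ip, n in counts.items() if n >= threshold and ip not in allowed}
    return sorted(merged, key=lambda ip: (ip.version, int(ip)))

def nft_ruleset(ips):
    """Render an nftables table dropping listed IPv4 sources on every port."""
    v4 = ", ".join(str(ip) for ip in ips if ip.version == 4)
    if not v4:
        raise ValueError("no IPv4 entries to block")
    return ("table inet blocklist {\n"
            f"  set bad_v4 {{ type ipv4_addr; elements = {{ {v4} }} }}\n"
            "  chain input {\n"
            "    type filter hook input priority 0; policy accept;\n"
            "    ip saddr @bad_v4 drop\n"
            "  }\n}\n")

if __name__ == "__main__":
    print(nft_ruleset(merge_blacklist(["198.51.100.23"], failed_logins(SAMPLE_LOG))))
```

Put your own management address in `allow` before loading any generated rule set, so a mistyped password from your side cannot lock you out.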

1. Update record

2022-12-07

Latest number of IPs in the system firewall blacklist: 41
Latest number of IPs in the NGINX firewall blacklist: 115

Pagoda System Firewall IP Blacklist-221207.json
https://pan.tsinbei.com/s/6efb
Password: 4nfdtv
Pagoda NGINX firewall IP blacklist-221207.json
https://pan.tsinbei.com/s/q4cO
Password: ftz00i

Author: Hsukqi Lee
Posted on: 2022-12-13
Edited on: 2022-12-13
Licensed under: CC BY-NC-ND 4.0
