Hi, some readers here will know that I am pretty inexperienced so I am very pleased to see a "Newbies" forum. Thanks for that.
Like many others I see brute force attacks on my server and so far, it seems that none have managed. Provided secure passwords are used and all other aspects of security are as they should be, I guess I should not be too worried. On the other hand I shouldn't be too complacent, particularly since I am a newbie.
I have seen in the logs (and via Logwatch) brute force attempts to gain access via SSH, POP3 and FTP.
I am happy that SSH is not a problem because access is barred from all but two IP numbers.
That leaves POP3 and FTP.
I think I would like to ban an IP number for, say 5 minutes after say, 3 incorrect login attempts.
I have dug around and cannot find anything built in in PAM, Pro-Ftp, Dovecot etc.
I have tried to learn about IP Tables but having a hard time knowing exactly what I should do and being aware that I could lock myself out. Add to that a lot of conflicting info on the web.
So I did some searching for alternatives. Fail2Ban sounds like the type of thing I am looking for.
If I install Fail2Ban, will that conflict with VM or WM ?
Has anybody got any better suggestions ?
Am I missing something ?
Apologies for continuing to harass you guys.
Thanks for reading.