🛡️ [New] Mail Security Audit Script for YunoHost - Automatic HTML Reports

Most CDN and update sources are from US servers… I had tried that and my server became slow as hell.

2 Likes

Hey,
I took the time to do it today, no worries… installation, config… everything went well.
(No blocking for the United States and Malaysia).

Now I’m waiting to see what it’s going to give.
As for updates, I think I’d do them manually, I prefer.

Thanks for this script

1 Like

Hello,

I just tried it and it works well! Thanks for this work.

To block attacks, it might be worth considering using the APIs of https://www.abuseipdb.com/ to directly block the IPs identified as malicious.

1 Like

Since I can’t block the US, can I at least block those two manually? :

Amazon Technologies Inc :

The IP 3.130.168.2 has just been banned by Fail2Ban after 3 attempts against postfix.

OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2024-01-24

iptables -A INPUT -m iprange --src-range 18.32.0.0-18.255.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 3.128.0.0-3.255.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 3.0.0.0-3.127.255.255 -j DROP

Google LLC :

The IP 162.216.149.200 has just been banned by Fail2Ban after 3 attempts against postfix.

NetRange: 162.216.148.0 - 162.216.151.255
CIDR: 162.216.148.0/22
NetName: GOOGLE-CLOUD
NetHandle: NET-162-216-148-0-1
Parent: NET162 (NET-162-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Google LLC (GOOGL-2)
RegDate: 2013-07-02
Updated: 2015-09-21

iptables -A INPUT -m iprange --src-range 162.216.148.0-162.216.151.255 -j DROP
iptables -A INPUT -s 162.216.148.0/22 -j DROP

This is good, your fail2ban is working.

I used this script because I had a massive attack from different IPs, trying the same username, from the same countries. It looked like a disseminated bot, that was evading fail2ban blocking.

1 Like
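The pattern described in the post above (many source IPs trying the same username, each staying below the 3-attempt Fail2Ban limit seen earlier in the thread) shows up when failures are grouped by username instead of by IP. The following Python code is an added example, not code from the thread or from the script under discussion; the log format (Postfix SASL failure lines carrying `sasl_username=`), the sample lines, the function names and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed line format: Postfix smtpd SASL failure that logs sasl_username=.
FAIL_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL \S+ authentication failed.*?sasl_username=(?P<user>\S+)"
)
# Constructed sample events (documentation IP ranges, made-up usernames).
_LINE = ("Jan 12 03:{m:02d}:07 mail postfix/smtpd[2101]: warning: unknown[{ip}]: "
         "SASL LOGIN authentication failed: authentication failure, sasl_username={user}")
_EVENTS = [
    ("192.0.2.10", "admin"), ("192.0.2.77", "admin"), ("198.51.100.23", "admin"),
    ("203.0.113.5", "admin"), ("203.0.113.140", "admin"), ("192.0.2.10", "admin"),
    # One noisy IP reaches the per-IP limit, so Fail2Ban already bans it.
    ("198.51.100.9", "bob"), ("198.51.100.9", "bob"), ("198.51.100.9", "bob"),
    ("192.0.2.200", "carol"),  # a single mistyped password
]
SAMPLE_LOG = "\n".join(
    _LINE.format(m=i, ip=ip, user=user) for i, (ip, user) in enumerate(_EVENTS)
) + "\nJan 12 03:20:00 mail postfix/smtpd[2101]: connect from unknown[192.0.2.10]"


def parse_failures(log_text):
    """Yield (ip, username) for every failed SASL login line; skip the rest."""
    for line in log_text.splitlines():
        match = FAIL_RE.search(line)
        if match:
            yield match["ip"], match["user"]


def distributed_targets(log_text, per_ip_limit=3, min_sources=4):
    """Map username -> IPs below the per-IP limit, if at least min_sources exist."""
    per_user = defaultdict(lambda: defaultdict(int))
    for ip, user in parse_failures(log_text):
        per_user[user][ip] += 1
    flagged = {}
    for user, counts in per_user.items():
        quiet = sorted(ip for ip, n in counts.items() if n < per_ip_limit)
        if len(quiet) >= min_sources:
            flagged[user] = quiet
    return flagged


if __name__ == "__main__":
    for user, ips in distributed_targets(SAMPLE_LOG).items():
        print(f"{user}: {len(ips)} low-rate sources -> {', '.join(ips)}")
```

On the constructed sample only `admin` is reported: `bob` is hit by a single IP that a per-IP jail already covers, and `carol` has one source.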

Have you ever tried CrowdSec? I’ve been using it on my YunoHost for a few months and I’m impressed by its efficiency. It analyses the behaviour of attacks, so perhaps it can block this type of massive attack.
My server is quieter and works much less. At the beginning, I thought it had broken down or was switched off because it didn’t make any noise :sweat_smile:. I guess F2B does the job but CrowdSec blocks earlier with the help of the community list and can detect behaviour.

1 Like

Interesting, will have a look at it. I knew about it, but didn’t try it, in fact, in terms of making a package out of it, it’s doable.

Interesting, how to use it with a YunoHost server?

Interesting, but you need to create a CrowdSec Console account?

Did you install and test it?

Yeah, I did the right thing to make it work, and I don’t have to complain about my configuration :smiling_face_with_sunglasses:
And the script (block countries yunohost) is really very effective, it blocks the countries I’ve added :shield:, and as far as updates are concerned, it’s done correctly, without any problems.
Thanks again for this script :folded_hands:

Yep, I am just considering trying it… it’s a nice script, thanks

1 Like

It’s not a requirement, but with it you contribute to the community list and you can add 3 more lists for free, so I do it.

Ok!

I just found this info: Crowdsec plutôt que Fail2Ban - #4 by CrowdSec

I followed some tutorials on the net, but they are often too incomplete to not forget something. I read the docs and the commands manual a little to complete them. I add collections for the apps I use (Nextcloud, Navidrome, etc…) - I take notes (incomplete perhaps? but I understand how it works if something is missing), I can share them with you by P.M. if you want, because it’s more of a draft than a real document to make a post on the forum.
It’s really simple when you understand how it works.
It can replace Fail2ban but you can leave them both at the beginning, or more if you want (mine didn’t ban anything since CrowdSec has been installed, only the recidive list had some IPs after a few days because I had set a long bantime).

1 Like

Yes, I’ll take a look.
Thank you :folded_hands:

It’s an old topic, beware, CrowdSec was young at that time, and the commands are not always the same today. In 2020 - 2022 I think it was too young to deploy on a YunoHost server in prod; now it’s more mature and I don’t have problems, and it blocks all the IPs that F2B blocks (see my answer to @Issa) and much more preventively.

1 Like

I saw on their site “manual installation”: Manual installation

It can give an idea for Yunohost.

I always use the native Debian packages but I make an exception here. I don’t advise you to use the Debian repository package, it is too old; use the official CrowdSec repository to stay with a recent version.

1 Like

Ok, thank you :slightly_smiling_face: