I was using denyhosts and now fail2ban to block IPs, but what is most simple and good way to block IPs that is scanning my open ports?
If possible, how to do it in either f2b or in iptables please?
UPDATE:
I liked denyhosts more than f2b for SSH bruteforce baning since it was simple to setup, but it seems to no longer be maintained +. for the port scan and tens of other malicious activities detecting i have used CSF https://configserver.com/cp/csf.html it is one of the best firewall extension. Since no one suggested other way, maybe to try this one, but it is quite complex system for my current usage case :-/
Update, found something helpful:
1. https://webmasters.stackexchange.com/questions/30821/fail2ban-port-scanning
2. http://stonygate.altervista.org/ser...o-per-internet/fail2ban-portscan-brute-force/ (if you are using UFW and having all ports closed excpet selected ones open)
If possible, how to do it in either f2b or in iptables please?
UPDATE:
I liked denyhosts more than f2b for SSH bruteforce baning since it was simple to setup, but it seems to no longer be maintained +. for the port scan and tens of other malicious activities detecting i have used CSF https://configserver.com/cp/csf.html it is one of the best firewall extension. Since no one suggested other way, maybe to try this one, but it is quite complex system for my current usage case :-/
Update, found something helpful:
1. https://webmasters.stackexchange.com/questions/30821/fail2ban-port-scanning
2. http://stonygate.altervista.org/ser...o-per-internet/fail2ban-portscan-brute-force/ (if you are using UFW and having all ports closed excpet selected ones open)
Last edited: