#crowdsec

russ@diasp.org

I've been using CrowdSec for a few weeks now and it's pretty good, if occasionally a little rough round the edges. I particularly like the console which gives nice visualisations and stats on attack types, countries, ASNs, targets and so on. Dual running with fail2ban, CrowdSec didn't miss any of the usual SSH brute force attempts (in fact it seems to pick up more, out of the box) and the shared community blocklist (currently 11k IPs) is a killer feature.

I haven't turned off fail2ban entirely only because CrowdSec doesn't yet have collections for exim and sendmail - if nobody else adds them I might contribute them myself when time permits. However there's-out-of-the-box setup for lots of other common server apps. The installer does a reasonable job of detecting what's running and configuring it for you on first install, and you can install more collections with a single command.

It's worth remembering to update collections from the hub regularly as new attack detections are periodically added. That's just a couple of commands with cscli, the provided CLI client, which is the main way of seeing what it's doing and configuring it. I've made a few manual tweaks to the config (YAML) to match my setup (log file locations, and ignoring my own IPs for safety) and that's it.

#CrowdSec #fail2ban #sysadmin

mlansbury@despora.de

CrowdSec - The open-source & collaborative IPS

The quantity of pre-detected IPs which are identified as aggressive & dangerous has increased dramatically as CrowdSec continues to be put into use by more and more individuals and organisations.

CrowdSec is OpenSource, free and also offers professional services for organisations which feel they need to pay in order for OpenSource to be OK to use.

Collaborative Security

"Our strength comes from our cybersecurity community that is burning cybercriminals’ anonymity. By sharing IP addresses that aggressed you, you help us curate and redistribute a qualified IP blocklist to protect everyone."

https://crowdsec.net/

#security #privacy #WordPress #Drupal #Internet #OpenSource #CrowdSec #server #protection #Fail2Ban