How is this different from Fail2Ban?
Comment on Nextcloud zero day security
beerclue@lemmy.world 5 months ago
Not only for Nextcloud, but I recommend setting up crowdsec for any publicly facing service. You’d be surprised by the amount of bots and script kiddies out there trying their luck…
False@lemmy.world 5 months ago
johntash@eviltoast.org 5 months ago
Iirc crowdsec is like fail2ban but blocks ips reported by other servers, not just ones attacking your server. Kinda like a distributed fail2ban I guess?
False@lemmy.world 5 months ago
Neat
TwinHaelix@reddthat.com 5 months ago
My recollection is that Fail2Ban has some default settings, but is mostly reactionary in terms of blacklisting things that it observes trying to get in. Crowdsec behaves in a similar vein but, as the name implies, includes a lot of crowdsourced rules and preventative measures.
Comptero@feddit.ch 5 months ago
In my understanding fail2ban will block ips if they are detected to do brutforce or use known exploits.
Crowdsec will share this IP via a blocklist to all subscribte systems. You will benefit form the detection of other systems and not only your own.
thisisawayoflife@lemmy.world 5 months ago
One of my next steps was hardening my OPNSense router as it handles all the edge network reverse proxy duties, so IDS was in the list. I’m digging into Crowdsec now, it looks like there’s an implementation for OPNsense. Thanks for the tip!