Hi!
So we’ve occasionally been getting malicious actors trying to access one of our web services. It’s more of a nuisance than a security issue since they’re not able to get in.
However, it is a big nuisance in our logs! If I was running a linux server, I’d probably install something like fail2ban (GitHub - fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors ) – is there anything similar? (or a good way to use fail2ban on render?)
Hi Leslie,
Sorry to hear your logs are being bombarded with malicious traffic, that sounds frustrating. Are you using Cloudflare for your DNS host by any chance? If you know the specific IPs you’d like to ban, you could lean on Cloudflare to block certain IPs: https://serverpilot.io/docs/how-to-block-ips-with-cloudflare/
I haven’t worked with fail2ban , does it always scan log files or is it able to hook into a log stream? If it’s able to trail log streams my guess is that it might work on Render, you might need to include it with a Render service.
Hope this helps!
In my Rails app I’ve been using GitHub - rack/rack-attack: Rack middleware for blocking & throttling to block abusive requests for years (on Heroku) with much success. I’d also been using IPCat GitHub - kickstarter/ipcat-ruby: Ruby port of client9/ipcat along with rack-attack to automatically block requests from datacenters.
When I switched over to Render I had to fork IPCat and remove all of CloudFlare’s IPs from its IP list because Render using CloudFlare and all traffic to my site was getting blocked by IPCat. It’s working fine again after removing the CloudFlare IPs.
Perhaps you could do something similar within your app’s stack.
I believe fail2ban only works for log files and scanning those.
I am going to investigate ipcat a little more- that looks like it might work for our purposes.
Cloudflare will only block IP’s if Render requests it on your account, since we don’t work with cloudflare independently so we don’t have our own cloudflare dashboard.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.