Hi!
So we’ve occasionally been getting malicious actors trying to access one of our web services. It’s more of a nuisance than a security issue since they’re not able to get in.
Sorry to hear your logs are being bombarded with malicious traffic, that sounds frustrating. Are you using Cloudflare for your DNS host by any chance? If you know the specific IPs you’d like to ban, you could lean on Cloudflare to block certain IPs: https://serverpilot.io/docs/how-to-block-ips-with-cloudflare/
I haven’t worked with fail2ban. Does it always scan log files, or is it able to hook into a log stream? If it’s able to trail log streams, my guess is that it might work on Render; you might need to include it with a Render service.
When I switched over to Render I had to fork IPCat and remove all of CloudFlare’s IPs from its IP list, because Render uses CloudFlare and all traffic to my site was getting blocked by IPCat. It’s working fine again after removing the CloudFlare IPs.
Perhaps you could do something similar within your app’s stack.
I believe fail2ban only works for log files and scanning those.
I am going to investigate ipcat a little more - that looks like it might work for our purposes.
Cloudflare will only block IPs if Render requests it on your account, since we don’t work with Cloudflare independently and so we don’t have our own Cloudflare dashboard.