 |
Forum Contributor |
Joined: Fri Jul 18, 2014 1:54 pm Posts: 175
|
Hi, I am using fail2ban and I am also using SSH key authentication to get into my VPS. I have not changed the SSH port yet but I will be doing that very soon (today or Monday). Fail2ban gives me 5 tries to log in (more than enough if I am off site at a different IP address). Because my home computers are very secure I am using a macro to run Putty and WinSCP to log in (the delays between screens are 1 second so it has run flawlessly every time (so far) but with 5 tries to log in there is no worry). The first thing this macro does is pull up my public IP address with a google search "My IP Address". When it changes I log in and set up fail2ban to make this new IP address an ADDITIONAL exception. I do the same with the phpMyAdmin config file and I backup these config files to my home machine. Logging in with this macro has been very educational. I have learned that my IP address changes every 3 or 4 days. I thought there was no problem until this question occurred to me this morning. "Is it possible for a hacker to be using a public IP address provided by my service provider such that they have already been blocked by my Fail2Ban program in the iptables and I will some day get this new IP address and I will be locked out for the length of time I have set up in the Fail2Ban program (In other words the iptables will not even allow me to try and log in)?". I am assuming the answer to this question is yes and I should stop using fail2ban. Am I correct?
Thanks, John
|
|