Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I do something similar. Any hits on the default nginx vhost get logged, logs get parsed out and "repeat offenders" get put on the shitlist. I use ipset/iptables but this can also be done with fail2ban quite simply.

https://nbailey.ca/post/block-scanners/



This is security theater.


No, it's security by obscurity which is a single, but important, step above security theatre.

To not appear on the radar is to not invite investigation; if they can't see the door they won't try to pry it open.

If you're already on their radar, or if they already know the door is there (even if they can't directly see it), then it's less effective.


Only kinda.

Doing something like this can prevent you from showing up on Shodan.io which is used by many users/bots to find servers without running massive scans themselves.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: