I've have to "remove" the automatic unbanning on the IP check page, Because, I kid you not, I had several IP unbanning Notifications from spammers wanting to be removed thismorning!!
These IPs wasn't even banned by my server, they were blocked from the abuseipdb block lists because of thousands of reports.
So when IP addresses are requested to be unbanned, I get a notification and will manually review the IP request. Which can take a few hours to a few days.
So I suggest guest readers register and login once a week to make sure your kept whitelisted. As I can see me having to take down the IP check page the way things are heading.
Currently new attacks have been at a all-time low this past week. I think banning ranges has done the trick as it doesn't give other IPs the chance to really hit the server anymore. A lot of my older rules don't even find anything with my new improved detection rules. I'll leave them running though as each jail checks for different types of mass attacks. There's 33 jails running now.
I'm still monitoring every couple of days. I found last week that fail2ban was keeping banned IPs in memory and the server was a heartbeat away from crashing due to lack of RAM. I thought keeping the SQLite file small would do the trick but nope. I wasn't aware F2B made a store in RAM also. I mean like 4GB worth of banned IPs... So that should be fixed now.
You will not be able to post if you are still using Microsoft email addresses such as Hotmail etc
See here for more information viewtopic.php?f=20&t=7296
See here for more information viewtopic.php?f=20&t=7296
DO NOT USE DEVICES WHERE THE IP CHANGES CONSTANTLY!
At this time it is unfortunately not possible to white list users when your IP changes constantly.
You may inadvertently get banned because a previous attack may have used the IP you are now on.
So I suggest people only use fixed IP address devices until I can think of a solution for this problem!
At this time it is unfortunately not possible to white list users when your IP changes constantly.
You may inadvertently get banned because a previous attack may have used the IP you are now on.
So I suggest people only use fixed IP address devices until I can think of a solution for this problem!
Server updates
Re: Server updates
I needed a CAPTCHA for the IP check page to try and slow down all the unban requests from spammers.. Even though I hate cloudflare, they had a free "drop in"module, so given that a try.
A lot of the IP addresses had been banned via the abuseipdb blacklist. I was considering moving that blacklist to the top of the firewall chain to solve that problem, but I'm getting unban requests from the Brazil IPs now, where almost nobody has reported them yet, so that system would not work
Problem is I don't know if users or bots are requesting the removals. But anyway the page has been significantly updated now with the CAPTCHA verification. Hopefully if anything that will slow things down a bit.
Powered by GPT5
With the changes you’ve got in place:
- Capture.PNG (43.28 KiB) Viewed 137 times
A lot of the IP addresses had been banned via the abuseipdb blacklist. I was considering moving that blacklist to the top of the firewall chain to solve that problem, but I'm getting unban requests from the Brazil IPs now, where almost nobody has reported them yet, so that system would not work
Problem is I don't know if users or bots are requesting the removals. But anyway the page has been significantly updated now with the CAPTCHA verification. Hopefully if anything that will slow things down a bit.
Powered by GPT5
With the changes you’ve got in place:
- Bots can’t just auto-unban anymore (email approval link needed).
- Spambots get tripped up by Turnstile + honeypot.
- Humans must give you a reason, which gives you context before approving.
- CSP is tight, but now explicitly allows Cloudflare’s Turnstile.
Re: Server updates
Just a forewarning, that I'll be doing server updates at some point over the next few days, so the server will be down for a few minutes while the server is rebooted and the new kernel is installed.
Each time the server is rebooted, users may likely see SQL errors for about a minute until the system has fully restarted. This is actually normal and nothing to worry about.
Also the server will generally run somewhat slow after a reboot because of the firewall lists have to be rebuilt from the last saved state which maxes out the CPU for a couple of minutes.
It is difficult to exactly test the restore of the firewall because there is a lot of scripts involved where I can only really test them after a reboot.. So it's possible I may have to spend some time sorting that out and maybe even rebooting the server again to retest. Everything is working fine.
Generally, after every boot, the server mostly settles down after about 5 to 10 minutes. Most users will probably not notice anything anyway..
Each time the server is rebooted, users may likely see SQL errors for about a minute until the system has fully restarted. This is actually normal and nothing to worry about.
Also the server will generally run somewhat slow after a reboot because of the firewall lists have to be rebuilt from the last saved state which maxes out the CPU for a couple of minutes.
It is difficult to exactly test the restore of the firewall because there is a lot of scripts involved where I can only really test them after a reboot.. So it's possible I may have to spend some time sorting that out and maybe even rebooting the server again to retest. Everything is working fine.
Generally, after every boot, the server mostly settles down after about 5 to 10 minutes. Most users will probably not notice anything anyway..
Re: Server updates
Updates & kernel updates now completed 
Had a bit of trouble with the firewall restoring again after a reboot
some entries were missing and GPT seem to have got stuck in a loop again fixing a bash script... GPT seems to say "ahh yes the error is... heres the fixed script"... but still broken like 50 times over
Gave the same problem to Grok and it fixed it first time !! Then Grok died , but came up about 15mins later.. then fixed a few more things first try!
Had a bit of trouble with the firewall restoring again after a reboot
some entries were missing and GPT seem to have got stuck in a loop again fixing a bash script... GPT seems to say "ahh yes the error is... heres the fixed script"... but still broken like 50 times over Gave the same problem to Grok and it fixed it first time !! Then Grok died
, but came up about 15mins later.. then fixed a few more things first try!