Keep script kiddies and bots away with an up-to-date IP blocklist made by the community.
Ghostblock is an ever-growing blocklist of bad IP's gathered by you and other sysadmins using the script. It scans journald (systemd) on your server on a daily basis through various regular expressions and filters, collecting failed SSH and MYSQL root/non-user login attempts - which counts for most of all the crap traffic your typical web server will receive. Additionally, it logs your fail2ban records for good measure.
Your share of naughty IP addresses merges into one centralized master blocklist, or blockchain if you will, this way you automagically get up-to-date blocklists from other peers as well. Now you can choose to ban them all manually - or by using the Auto-block feature.
You see, Ghostblock is like a neighborhood of server friends - I got your back, you got mine. If you spot someone shady, you report it so we all can lock our doors. Undoubtedly, we return the same favor. The result? Less bulk hacker attempts across the board and reduced server load. Best case scenario it saves you from giving away root access.
I have been looking for the ultimate blocklist for quite some time, only to find that there is none. Desperate measures like country blocklists came to mind. Effective indeed, but not that intelligent. I may have a client in China, or a contractor in Russia - I certainly would not want to freeze those people out.
Still, I wanted to block as many bad IP's as I could. I tried other blocklists out there. Despite that every blocksite looks like they were developed in the 90's, after I did som testing I didn't find much use for their blocklists either, which I will cover in another story. To keep control, I wrote Ghostblock as a compromise.
Like whiskey, Ghostblock will get better in the course of time and as more people join, you and I will get a more powerful IP blocklist. Currently in beta, I'm looking for people to review the concept/script. Any feedback is appreciated, really. Send j...@protonmail.com an email and I will share the initial code with you.