Since I have been playing with Docker for the past few weeks I have had more servers on-line. I don’t have a static IP address at home so while I have a jump host setup I found I was still being port scanned and brute forced.

I only caught a sniff of it in the logs while looking at another problem, even though password authentication is disabled and I only use keys I decided install Fail2Ban to start blocking people, just in-case. As I use Puppet I installed a module and enabled it. Since then I have been flooded with emails !!!

Across both of the machines I am currently running it has been triggered over 150 times in the last 48 hours, and thats just SSH. Considering that this machine is nothing than a test server I would hate to be actually running anything of worth.