Crowdsec - A Modern Replacement for Fail2Ban
Further reading/source article: https://danielmiessler.com/study/crowdsec
- allows you to detect attacks and respond at all required levels (detect where your logs are, block at CDN or application level)
- is easy to install and maintain with no technical requirement. The installer even comes with a wizard duh!
- is designed to be integrated with other solutions and components (ie. use CrowdSec to read your mod_security logs and automatically block attackers at your CDN level)
- is about sharing : meta-data about the attack/attacker you detect is sent to a central API, and malevolent IPs are shared with all users.
- is a lightweight : it runs standalone, doesn’t require much ram or CPU
- can work with cold logs: you can run it on “cold” logs and see what could have happened
- comes with out of the box dashboards, because we know visualisation is key
Please do not use the PM system here for Inception Hosting support issues.