Would it make sense to integrate https://www.crowdsec.net/ with MIAB?
It monitors for suspicious behaviours and reports them, then in turn other users get the info about malicious IPs.
I’d vote a cautious no.
We’ve already got fail2ban, doing (from our point of view) a similar job. I don’t think it would work with fail2ban, so it would involve removing something that works, to replace it with something similar.
And I’d hesitate to put much effort into integrating a commercial product. They do have a free tier - for the moment … until the company is sold or they change their mind.
I’ve recently looked at abuseipdb.com which does something similar. Although it is quite simple to integrate with fail2ban, I would suggest that taking part in some kind of crowd sourcing like this should be a conscious decision by the MiaB user and thus not be automatically enabled for everyone.
1 Like
This topic was automatically closed after 61 days. New replies are no longer allowed.