I am looking at number of logs
tail -f /var/log/mail.log
tail -f /var/log/nginx/access.log
What other log should I be checking?
and I see the more or less the same IP addresses populating my log files trying various attempts to gain access …
Would it make as sense (if not please, please let me know why) for the community to collate such IP addresses and BAN them completely from accessing our boxes with firewall rules like “UFW deny from ip_address”?
Maybe have another branch on github collecting offending IP would be good idea?