I have been running crowdsec on my OpenWRT firewall for a bit now, I am just curious as to what others think about it?

Thank you @irmadlad the webui you suggested is showing the logs a lot better than my vibe coded HA plug ins (both my ssh honey pot and my plug in showed nothing) looking over the logs shows so much activity that is happening.

  • Encrypt-Keeper@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 day ago

    How would it, or any software for that matter determine a given request is malicious before it does something malicious?

    • Mio@feddit.nu
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      17 hours ago

      Yes, that is the hard part. But it can be done. Geoip blocking like only allow your country - blocking every China or Russian user etc. If you are selfhosting at home and worry about your SSH access, then you can do a lot of things to block then early. It is all about authentication. Lets say you require VPN access in - example Wireguard. You could require access only through somebody else, like Cloud flare tunnel. You could also do “port knocking” but that is not encrypted. You could require the user first has to be authenticated somewhere else, like require first Microsoft login and only then your ip is allowed.