Lots of users with internet connected FreedomBox are shocked when they discover the massive volume of ssh intrusion attempts seen in auth and fail2ban logs. Looking in /_cockpit I began to notice intrusion attempts through HTTP. And, why would there not be? I’m happy to see fail2ban working on these intrusion attempts as well.
10 minutes in the penalty box for 34.159.120.4. lol
That looks like a Google Cloud customer, by the way. I think I’m going to watch for a juicy example and report abuse to the cloud provider, just to see what happens.