I haven't heard of crowdsec before, but have wanted to write something that does exactly that for some time. Will definitely look into this more. I really hope they have open sourced the collection server/database piece, so that anyone can run their own (because the public service gets DoS'd or shuts down, etc.). If you can use multiple public collection services, I'd suggest we set one up for the ispconfig community, preconfigured for use (both for security incidents and spamming).
Also somewhat germane to your question, do you have any custom configuration, or are you just using the collections/configuration/bouncers right from the crowdsec hub? What all did you envision or hope an ISPConfig integration would configure and do? It seems like a Perfect Server tutorial that had a few commands to run the crowdsec install wizard and get it pointed at the control panel node, which itself runs the web interface, would be sufficient? Also, to answer my earlier wondering, they do not make the "consensus engine" available to the public currently, and it sounds like there are probably no plans to do so any time soon.
Hi Jesse, holidays, so sorry for my late reply, Happy New Year! That would be sufficient indeed. There is currently one issue which I had to resolve in my personal setup: I had to turn this report off as it crashed crowdsec after the first attempt on port 22:

`cscli scenarios remove crowdsecurity/ban-report-ssh_bf_report`

All other stuff on their hub I currently have activated.
Yes, works together smoothly, but I turned Fail2ban off. Crowdsec is so much more effective because bad IPs don't even pass the firewall. The owners of these IPs do not only focus on brute force. Crowdsec in conjunction with the CSF firewall - which also has a Fail2ban-alike brute force protection feature as only one of its many features - offers in my humble opinion a better protection than the default Fail2ban / Firewall setup from ISPConfig. CSF also allows you to add extra DNSBL lists. Also you should modify the default sysctl.conf (credits Aysad Kozanoglu, GitHub) and so on. Brute force is only one of the many threats, still coming in a lot, almost always SSH or FTP.
Hello, plus 1000 for crowdsec. It's much more powerful and resource efficient than fail2ban. Fail2ban has been uninstalled on all my servers for more than two years. Crowdsec can also protect PHP applications. Actively maintained. Really good. https://www.crowdsec.net/blog/crowdsec-wins-grand-defi-cyber