Hacker News
by nickdothutton 1724 days ago
Just use something like fail2ban to drop these at the packet filter level, either courtesy of your cloud provider or on the host itself. Make sure your sshd config is watertight.
3 comments

You know, or just don’t use fail2ban: https://research.securitum.com/fail2ban-remote-code-executio... . It’s adding extra attack surface for a cosmetic benefit.
Good catch, thanks!

Remedy: Don't let fail2ban send mail, or at least remove the whois part.

Are there reputable places where people can share the IPs tripping fail2ban? Like spamhaus.org, but for scanners?
Honest question: Why bother?
nftables allows automating the blocking of IP addresses (even with an automatic timeout) without any userspace involvement.

Pretty nifty feature.
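
A sketch of the nftables approach mentioned in the comment above, added here as an example and not posted by anyone in the thread: a per-source rate meter feeds a dynamic set whose entries expire on their own, so the kernel does the blocking with no log-parsing daemon. The table, chain and set names, port 22, the 3/minute threshold and the 10-minute timeout are all assumptions, and it covers IPv4 only.

```nft
#!/usr/sbin/nft -f
# Added example: names, port, rate and timeouts are assumptions to adapt.

table inet ssh_guard {
    # Sources currently blocked; the kernel removes each entry after 10 minutes.
    set ssh_blocked {
        type ipv4_addr
        flags dynamic, timeout
        timeout 10m
    }

    # Per-source rate state for new SSH connections; idle entries age out.
    set ssh_meter {
        type ipv4_addr
        size 65535
        flags dynamic, timeout
        timeout 1m
    }

    chain input {
        type filter hook input priority filter; policy accept;

        # Drop everything from a source that is already in the block set.
        ip saddr @ssh_blocked drop

        # A source opening new SSH connections faster than 3 per minute
        # is added to the block set and the offending packet is dropped.
        tcp dport 22 ct state new \
            add @ssh_meter { ip saddr limit rate over 3/minute burst 3 packets } \
            add @ssh_blocked { ip saddr } drop
    }
}
```

Check the file with `nft -c -f <file>` before loading it, and inspect the current block list with `nft list set inet ssh_guard ssh_blocked`.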