[owisd]

If you’re a hobbyist sysadmin setting up a personal VPS then the security risk is your own competence in correctly configuring things the better more robust less risky way, but you can’t replace yourself with a more competent sysadmin in this scenario, so fail2ban helps to Swiss cheese model this edge case.

[xinayder]

Excuse me, if fail2ban is frowned upon, what is the alternative to block crawlers that try to find wordpress or php endpoints on my website, two software that I don't have installed?

[dizhn]

The idea is you don't have to block those since there is no attack surface.

I look at the imap login attempts on my server sometimes. The passwords they try are usually pathetic. Nothing close to the 15+ character actual passwords we have in use.

[xinayder]

So the idea is I shouldn't need an alarm system in my house because all my valuables are kept at a safe that can't be opened by anyone but me?

I disagree with this, 404 queries still use resources and someone trying URLs in a matter of seconds should be blocked nonetheless.

[sseagull]

Saying anyone who makes mistakes is just incompetent is really just a “no true Scotsman” argument.

Everyone makes mistakes. That’s the whole point of the Swiss cheese model and of layers of security in general.