內容簡介
許多外掛在連接後使用資料庫檢查惡意 IP,當然 fail2ban 可以停止重複攻擊,但如果可以在攻擊前阻擋不良 IP 會怎樣呢?
透過協同合作,共享攻擊資料,WP fail2ban Blocklist 就可以實現這個目標。
Blocklist 網路服務(BNS)從參與網站收集攻擊資料,並進行一些分析,然後傳回正在攻擊網站但尚未攻擊該網站的 IP 列表。換句話說,每個網站定期得到一個獨特的 IP 列表以預防性地阻擋。
GDPR
BNS 不會收集個人資料,機器人也沒有權利。
也就是說,BNS 只收集所需的最少資料(時間、IP、事件)並僅收集表現惡意的 IP 。
當然,有可能有些資料是由於人們的惡意行為而產生的,但 BNS 無法區分 - 並且也不應該區分:攻擊就是攻擊。
Freemius
為了運作,BNS 必須知道:
執行 blocklist 外掛的網站有哪些,
使用哪個版本,
以及用於安全通訊的共享密碼。
Freemius 已經提供了所有這些,而 WP fail2ban 已經使用了 Freemius,為什麼要重複發明輪子呢?
因此,與核心 WP fail2ban 外掛不同,必須選擇使用 Freemius 才能運作 blocklist 外掛。
外掛標籤
開發者團隊
原文外掛簡介
There are many plugins that use a database to check for malicious IPs after they connect, and of course fail2ban stops repeated attacks, but what if bad IPs could be blocked before they attack?
By working collaboratively – sharing attack data – WP fail2ban Blocklist does exactly that.
The Blocklist Network Service (BNS) collects attack data from participating sites, performs some analytical magic, and sends back a list of IPs that are attacking sites now but haven’t yet attacked that site. In other words, each site periodically gets a unique list of IPs to block preemptively.
GDPR
The BNS doesn’t collect personal data, and bots don’t have rights.
That said, the BNS only collects the minimum data required (time, IP, event), and only for IPs that have behaved maliciously.
Of course, it is possible that some data is generated by people behaving maliciously, but the BNS has no way to differentiate – and nor should it: an attack is an attack.
Freemius
To work, the BNS must know:
which sites are running the blocklist add-on,
which version is in use,
and a shared secret for secure communication.
Freemius already provides all these, and WP fail2ban already uses Freemius; why reinvent the wheel?
Therefore, unlike the core WP fail2ban plugin, you must opt into Freemius for the blocklist to work.
