Fail2Ban for listeners who have used up their 24 Hour time limit?

I have just observed a kiwirecorder bot which used up its 120 minutes of daily connect time but continued to attempt to log on. Even though it could no longer log in, that bot kept one of the Kiwi's receive channels was continuously 'busy' as shown on the Log page. I was able to free that receive channel by adding the bot's IP to my local blacklist, but I'm sure it will resume its attempts from another IP address soon.

So I wonder if it would be easy to enhance the Kiwi's timeout feature by adding timed-out IP addresses to the local IP blacklist? This would mimic the 'fail2ban' service used to suppress rogue ssh login attempts.


  • Good idea. I use fail2ban on the servers.

Sign In or Register to comment.