The amount of attempts to access my website is just too much O_O

Anyway in nginx to block access if login attempt failed after 3 times?

Not in nginx, but you could probably use fail2ban: http://fail2ban.org/wiki/index.php/...

@Taqriaqsuk I use it for ports, but this one is for nginx I need it to block attempts from client if it failed to authenticate

@gitpush https://serverfault.com/a/421050

@Taqriaqsuk Thanks man I'll check it out :D

Also just change your default port to something other than 22. My personal favourite is 666. Decreases bot attempts by 99%, not many do port scans

Oh and fail2ban works for http auth as far as I remember support for nginx is baked into the default conf you might just have to uncomment a line it's config

@kurtr Thanks man I'll check it, I have fail2ban installed lets see :D

@Kisokare how does redis help?

I'd say fail2ban, but haven't had much luck with that. Since I'm the only user on my servers, I hid most services within a VPN. No idea how I'll deal with public-facing services though.. fortunately it's currently only Postfix and OpenVPN.

@Linux @linuxxx @netikras and finally, 📍

@Kisokare
What

@Condor
Fail2ban is great for it :)

all hail fail2ban. installed it 1 month ago, already thousands of bans

I'd go with CSF!

@notcool
modsec does only cut http requests, would make more sense to ban the IP all toghether