This only from yesterday until today 9:00 pm and today 8:40 am
Total banned26
Total failed18459
Currently banned25
Currently failed6
Attacks take place on Dovecot, Ostfix, FTP, and web server (NGINX). Although Fail2ban, SYS Firewall and some security measures are still active. Just like CDN etc. These are not normal scans, but definitive attacks on the panel. As already said, only on aaPanel. The modules are hosted at bt.cn and conclusions can be drawn about the IPS of the installed panels. We even took the IPs from other data centers so that these IPs could not be attacked explicitly. Even in other countries not Germany or Europe and yet only aaPanel web servers are attacked. I had the same thing in 2017 at http://centos-webpanel.com/ since the attacks came from Croatia, Russia, China and Serbia. We quickly deleted it and it calmed down again. Since then we have avoided this panel. In my opinion, the modules should be reloaded via a proxy server, as should the installation. We are currently testing this and are already seeing some serious differences. So you have to consider where the modules are stored, on which servers, should you switch your own proxy server between? !!! Here would be the solution to install a local proxy first and then load and install aaPanel.