https://shio-chan-dev.github.io/jeanblog/tags/server-security/Recent content in Server-Security on Jeanphilo BlogHugo -- 0.159.2en-usSat, 22 Nov 2025 12:00:00 +0800https://shio-chan-dev.github.io/jeanblog/linux/linux/ufw-crowdsec-portscan/Sat, 22 Nov 2025 12:00:00 +0800https://shio-chan-dev.github.io/jeanblog/linux/linux/ufw-crowdsec-portscan/<h1 id="ufw--crowdsec-stop-malicious-port-scans">UFW + CrowdSec: Stop Malicious Port Scans</h1> <p><strong>Subtitle / Abstract:</strong> How do you protect exposed server ports? This guide shows how to move past Fail2ban regex hell and build a stable, automated, intelligent port-scan defense system.</p> <hr> <h2 id="target-readers">Target readers</h2> <ul> <li>Developers using FRP or reverse tunnels</li> <li>Operators of cloud servers (Tencent, Alibaba, AWS, etc.)</li> <li>Linux users who want to stop port scans and SSH brute force</li> <li>People using Fail2ban who want a modern alternative</li> <li>Anyone improving personal server security</li> </ul> <hr> <h2 id="background--motivation-why-you-need-port-scan-defense">Background / Motivation: Why you need port-scan defense</h2> <p>When you run FRP (frps + frpc) or expose multiple ports, you will often see:</p>