So I've been watching traffic come into my server for a while. I sometimes enjoyed watching the php exploit attempts come it. I laughed as I ran no php. Spider my server if you want I thought.
Well attempt to log into my task management software and things are just hanging. I go to my vps provider and it says the particular server is suspended. Go to tickets and I see one saying a bunch of fail2ban events happened on someone else's server and they put in an abuse notice.
I've worked with the guy who runs the vps I'm using. He's a cool guy so I know we are going to get things sorted out as far as me getting some data out of it.
But I should have banned the ip generating those php exploit attempts. In fact if you don't ban obvious attacks it probably is just a signal to the attacker that you aren't pay attention, you probably are lax elsewhere and that if they keep trying they will get in.