I have been running crowdsec on my OpenWRT firewall for a bit now, I am just curious as to what others think about it?
Thank you @irmadlad the webui you suggested is showing the logs a lot better than my vibe coded HA plug ins (both my ssh honey pot and my plug in showed nothing) looking over the logs shows so much activity that is happening.


Ahh so bots are finding subdomains by scraping SSL certificates?
That was my experience also. Within minutes of spinning up any new subdomain with a dedicated A DNS record, I had bots that scraped it from https://crt.sh/ knocking on the door.
With wildcard subdomains and relatively obscure URLs, it’s pretty quiet.