"Eternally Experimental"
Personal test server consisting mostly of old junk.
For about 20 years now, the logs of this little server have been flooded by brute force SSH password attacks. I don't always have an SSH key on me, so I refuse to disable password authentication just for some script kiddies. Instead, I installed a countermeasure named fail2ban. It temporarily bans an IP after 5 consecutive login failures. This needs to be a very low number, with the ban time as long as you can afford, to fend off attacks coming from many different IPs (botnets).

It works so well, I decided to write a few scripts to show the results here for all to see. Note that the listed IPs most likely do not belong to the actual (human) attackers! Most of these IPs appear to be of machines that have been compromised themselves. Machines that do get compromised in this way probably have users named info, service, mysql, student, root, test etc... or ahmed, alan, albert, alberto, alex, alfred, ali, alice, allan, andi, andrew... (you get the idea) with guessable passwords. Anyone out of ideas to name their child, drop me a line and I'll send you some logs from before I installed fail2ban... :-)

UPDATE: Over the past decade, things have become a bit more grim and grown beyond the scr1pt k1dd13 realm, as these types of attacks are now commonly used to install Trojans for use in botnets. Besides obvious uses like sending spam or 'hacking' even more machines like yours, these botnets can be a powerful tool in destructive DoS attacks and such. Your machine may be actively participating in computer terrorism without you even knowing!

Please always use a non-guessable password that is long enough to not allow brute force either. You know the drill by now. Due to databases occasionally leaking, change them every now and then. Preferably use a password manager so that you can set a different secure password for every site you create an account on, without having to memorize them all. I am personally a fan of Vivaldi's password (and notes) syncer across all my devices.
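The scripts that produce the ban listings are not shown on this page. As an added example (not the author's code), this is one way to build a recent-bans list and a per-IP ban count from fail2ban's own log. The jail name `sshd`, the log line layout and the sample addresses (RFC 5737 documentation ranges) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in fail2ban.log format; addresses are from the
# RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
2024-03-08 08:11:11,402 fail2ban.filter         [812]: INFO    [sshd] Found 192.0.2.10 - 2024-03-08 08:11:10
2024-03-08 08:11:11,514 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.0.2.10
2024-03-08 08:21:11,920 fail2ban.actions        [812]: NOTICE  [sshd] Unban 192.0.2.10
2024-03-08 08:27:21,087 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2024-03-08 08:40:02,300 fail2ban.actions        [812]: NOTICE  [sshd] Restore Ban 198.51.100.7
2024-03-08 08:56:38,651 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.0.2.10
2024-03-08 08:58:37,119 fail2ban.actions        [812]: NOTICE  [postfix] Ban 203.0.113.99
"""

# Matches only fresh bans: "Restore Ban" (re-applied after a restart) and
# "Unban" do not match because "Ban" must follow the jail name directly.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s+"
    r"\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$"
)

def parse_bans(log_text, jail="sshd"):
    """Return [(datetime, ip)] for every new ban issued by the given jail."""
    bans = []
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        if m and m.group("jail") == jail:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            bans.append((ts, m.group("ip")))
    return bans

def recent_bans(bans, limit=5):
    """Newest bans first."""
    return sorted(bans, reverse=True)[:limit]

def top_offenders(bans, limit=10):
    """(ip, ban_count) pairs, most-banned first."""
    return Counter(ip for _, ip in bans).most_common(limit)

if __name__ == "__main__":
    bans = parse_bans(SAMPLE_LOG)
    for ts, ip in recent_bans(bans):
        print(f"On {ts} | {ip} | received a ban.")
    for ip, count in top_offenders(bans):
        print(f"{ip} | Received {count} bans.")
```

Counting "Restore Ban" lines would inflate the per-IP totals after every fail2ban restart, which is why the pattern excludes them.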