I’ve been constantly under attack from about ten times this for around 10 years.
They brute force common words and try various names as logins. It’s very primitive.
It waxes and wanes in frequency but averages to three or four per minute.
I have ssh on port 2222 (which btw they also figure out pretty quickly, I would recommend a less obvious alternative port) and fail2ban catches them after a couple tries, but without fail new ips spin up and resume.
It’s futile. I don’t have password auth on. They’ll never get in.
It’s just like people walking down the street coming up to your door to see if it’s unlocked. Or trying car doors for the same. They can try all they want, they’re not getting in.
Moral of the story: yeah it feels scary, but it’s really not. Make sure you have password auth and root login turned off, and fail2ban is a good call. Otherwise ignore it, it’s just something that will always happen on the internet.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Ha, yeah this is very common.
I’ve been constantly under attack from about ten times this for around 10 years.
They brute force common words and try various names as logins. It’s very primitive.
It waxes and wanes in frequency but averages to three or four per minute.
I have ssh on port 2222 (which btw they also figure out pretty quickly, I would recommend a less obvious alternative port) and fail2ban catches them after a couple tries, but without fail new ips spin up and resume.
It’s futile. I don’t have password auth on. They’ll never get in.
It’s just like people walking down the street coming up to your door to see if it’s unlocked. Or trying car doors for the same. They can try all they want, they’re not getting in.
Moral of the story: yeah it feels scary, but it’s really not. Make sure you have password auth and root login turned off, and fail2ban is a good call. Otherwise ignore it, it’s just something that will always happen on the internet.
I once bound a /16 to a server. Dropped like a rock instantly over ssh attacks 😂 over 10,000/s
Could you dumb this down for the class, what do you mean by 'bound a /16'?