Post A3Alx2taFrEHdAuy3M by junkman@mastodon.sdf.org
 (DIR) More posts by junkman@mastodon.sdf.org
 (DIR) Post #A38kvDLTwV7JBvbsae by ParadeGrotesque@mastodon.sdf.org
       2021-01-11T21:22:31Z
       
       0 likes, 0 repeats
       
       Hmmm... Home server is getting hit by a very aggressive SSH botnet right now.The interesting thing is, this is coming mostly from the USA, especially Digital Ocean and CenturyLink, and not from China, as I got used to before.Kind of unusual, really.
       
 (DIR) Post #A38lBLIY8sxCUPver2 by ParadeGrotesque@mastodon.sdf.org
       2021-01-11T21:25:26Z
       
       0 likes, 0 repeats
       
       I always have a good laugh at these shitty bots. Trying "root" and "admin" (and many permutations thereof) is not going to get you anywhere, except in my '/etc/hosts.deny'.
       
 (DIR) Post #A38mEP5abVWF4OtGiG by ParadeGrotesque@mastodon.sdf.org
       2021-01-11T21:37:11Z
       
       0 likes, 0 repeats
       
       No less than 85 new banned hosts since 00:31 this morning, including 17 from CenturyLink.I still have 15GB of free space in '/var/log' so bring it on, shitty botnet!
       
 (DIR) Post #A38mXZ13v5mpMNuQam by Ricardus@mastodon.sdf.org
       2021-01-11T21:40:39Z
       
       0 likes, 0 repeats
       
       @ParadeGrotesque Wow
       
 (DIR) Post #A38naHAgp3Lcq3GlbU by ngp@mastodon.sdf.org
       2021-01-11T21:52:21Z
       
       0 likes, 0 repeats
       
       @ParadeGrotesque Have you reported abuse with DigitalOcean? I'm not sure about CenturyLink, but I know DO has a form for reporting IPs
       
 (DIR) Post #A38o3CHQ5V6I49CxWa by ParadeGrotesque@mastodon.sdf.org
       2021-01-11T21:57:34Z
       
       0 likes, 0 repeats
       
       @ngp I have danced that abuse tango before and nothing good ever came out of it.Some bot  machines get pulled out and reappear 10 minutes later. Even though automating that abuse report could be interesting...  🤔
       
 (DIR) Post #A38p7NZ0B45yApzR4K by amerika@freespeechextremist.com
       2021-01-11T22:09:33.482880Z
       
       1 likes, 0 repeats
       
       @ngp @ParadeGrotesque they don't do anything
       
 (DIR) Post #A38pU0z4IHaGnxyYz2 by ParadeGrotesque@mastodon.sdf.org
       2021-01-11T22:13:38Z
       
       0 likes, 0 repeats
       
       @amerika @ngp To be fair, they don't do anything... like 99% of all other hosters.
       
 (DIR) Post #A38rJyrbWS6hF0pNM8 by ParadeGrotesque@mastodon.sdf.org
       2021-01-11T22:34:13Z
       
       0 likes, 0 repeats
       
       Oh, 509 hosts banned since Jan 1st 2021. 🤨 So about 50 new hosts banned per day since the beginning of 2021.This is going to be an interesting year.
       
 (DIR) Post #A38rixhYynSosR2jGC by ParadeGrotesque@mastodon.sdf.org
       2021-01-11T22:38:44Z
       
       0 likes, 0 repeats
       
       On the other hand, the home server has been up for 47 days now, and is still around 0.03 of CPU load.DenyHosts power!So I am not too worried. I'll just grab popcorn and count the number of bots banned.
       
 (DIR) Post #A395Bg3axZDhxHN4a0 by mmn@mastodon.sdf.org
       2021-01-12T01:09:35Z
       
       0 likes, 0 repeats
       
       @ParadeGrotesque they've probably got some free credit thing going on. This is why I don't leave my ssh ports public, I just vpn in to my freebox and do it "locally" if I want to connect from outside
       
 (DIR) Post #A39wJpPzKmBSsLcKBc by js@chaos.social
       2021-01-12T11:04:51Z
       
       0 likes, 0 repeats
       
       @ParadeGrotesque So much effort when you could just ignore it entirely or change the port ;)
       
 (DIR) Post #A39wjrsqn2HW3FXAFk by ParadeGrotesque@mastodon.sdf.org
       2021-01-12T11:09:38Z
       
       0 likes, 0 repeats
       
       @js But I like making fun of bot nets!
       
 (DIR) Post #A3AkkjNMu13rf9PgjA by junkman@mastodon.sdf.org
       2021-01-12T20:30:01Z
       
       0 likes, 0 repeats
       
       @ParadeGrotesque my VPS server traffic is like 97% failed ssh logins and 3% gopher 😂
       
 (DIR) Post #A3Alctsg3rN1sft6jg by ParadeGrotesque@mastodon.sdf.org
       2021-01-12T20:39:50Z
       
       0 likes, 0 repeats
       
       @junkman Sounds about right!  🤔
       
 (DIR) Post #A3Alx2taFrEHdAuy3M by junkman@mastodon.sdf.org
       2021-01-12T20:31:59Z
       
       0 likes, 0 repeats
       
       @js @ParadeGrotesque I’ve changed the port and they still eventually find it. I just ignore it. Even if they knew my root password they couldn’t log in.What OS made in the last decade actually allows remote root logins?
       
 (DIR) Post #A3Alx3AbEaqATwsYZk by ParadeGrotesque@mastodon.sdf.org
       2021-01-12T20:43:22Z
       
       0 likes, 0 repeats
       
       @junkman @js A simple nmap scan will let you find the open SSH port. Moving from 22 to something else protects you for about 10 minutes.And, yes, setting 'RootLogin' to 'no' should be SSH configuration 101.
       
 (DIR) Post #A3Aw3cF2kbbQXAj8Jk by js@chaos.social
       2021-01-12T20:53:02Z
       
       0 likes, 0 repeats
       
       @ParadeGrotesque @junkman Protected me from log spam for 15 years now 🤷‍♂️. Maybe pick a better port?