requesting 10 dedicated servers

trnj

@jarland said:

I hear you, and I thank you for any abuse reports you send

Just for fun, was the customer with that IP above banned already?

jar

@trnj said:

@jarland said:

I hear you, and I thank you for any abuse reports you send

Just for fun, was the customer with that IP above banned already?

Something was done

trnj

Xei

@jarland said:

@trnj said:

@jarland said:

I hear you, and I thank you for any abuse reports you send

Just for fun, was the customer with that IP above banned already?

Something was done

Out of curiosity are the majority of abusers from Asia, if so which countries are the top offenders?

willie

Xei said:

Out of curiosity are the majority of abusers from Asia, if so which countries are the top offenders?

Almost all of my fail2ban recidives are from China if that's what you're asking.

jar

Xei said: Out of curiosity are the majority of abusers from Asia, if so which countries are the top offenders?

While I generally wouldn't answer that question directly, I'll go as far as to say that my view is that this is not the case at all. You have pockets of abuse in certain places at certain times, but pinpointing a problem area on a map is something that will change at least every six months, at most every year.

Aidan

@willie said:

Xei said:

Out of curiosity are the majority of abusers from Asia, if so which countries are the top offenders?

Almost all of my fail2ban recidives are from China if that's what you're asking.

Same here, for years now.

jar

willie said: Almost all of my fail2ban recidives are from China if that's what you're asking.

Oh yeah for brute force SSH top 5 goes:

1. China
2. China
3. China
4. China
5. China

hammer

@jarland
Why do they bother trying to brute force ssh if it can be secured by private keys and fail2ban prevents them from taking too many guesses at the password if it is inabled.
Does it get disabled if the hackers try to connect through ssh multiple times very quickly or something?

jar

@hammer said:
@jarland
Why do they bother trying to brute force ssh if it can be secured by private keys and fail2ban prevents them from taking too many guesses at the password if it is inabled.
Does it get disabled if the hackers try to connect through ssh multiple times very quickly or something?

I can only assume that enough people are not using keys or fail2ban to justify their continued brute force campaigns. We're talking about what is likely a state sponsored campaign, tbh. It's definitely not "Oh you're from China, you like to spam SSH commands all day."

willie

Jarland do you know if they're always trying to login as root, or guessing random usernames, or what? The usual sshd doesn't log this iirc.

jar

@willie said:
Jarland do you know if they're always trying to login as root, or guessing random usernames, or what? The usual sshd doesn't log this iirc.

Yeah if you put up a honeypot it's almost always root, and almost always a list of just a few passwords. More pop in there, but root and stuff like "12345" sit at the top. If you ever want to watch it, this is super fun to do:

https://github.com/desaster/kippo
https://bruteforcelab.com/kippo-graph

hammer

It's too sad because it's easy to use keys or at the absolute least real strong passwords.