Comments
Just for fun, was the customer with that IP above banned already?
Something was done
Out of curiosity are the majority of abusers from Asia, if so which countries are the top offenders?
Almost all of my fail2ban recidives are from China if that's what you're asking.
While I generally wouldn't answer that question directly, I'll go as far as to say that my view is that this is not the case at all. You have pockets of abuse in certain places at certain times, but pinpointing a problem area on a map is something that will change at least every six months, at most every year.
Same here, for years now.
Oh yeah for brute force SSH top 5 goes:
@jarland
Why do they bother trying to brute force ssh if it can be secured by private keys and fail2ban prevents them from taking too many guesses at the password if it is enabled?
Does it get disabled if the hackers try to connect through ssh multiple times very quickly or something?
I can only assume that enough people are not using keys or fail2ban to justify their continued brute force campaigns. We're talking about what is likely a state sponsored campaign, tbh. It's definitely not "Oh you're from China, you like to spam SSH commands all day."
Jarland do you know if they're always trying to login as root, or guessing random usernames, or what? The usual sshd doesn't log this iirc.
Yeah if you put up a honeypot it's almost always root, and almost always a list of just a few passwords. More pop in there, but root and stuff like "12345" sit at the top. If you ever want to watch it, this is super fun to do:
https://github.com/desaster/kippo
https://bruteforcelab.com/kippo-graph
It's too sad because it's easy to use keys or at the absolute least real strong passwords.
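An added example, not posted by anyone in the thread: OpenSSH's sshd writes the attempted username and source address on each `Failed password` line, so the root-versus-other-usernames question can be checked against a server's own auth log. The log lines below are constructed samples, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the format OpenSSH sshd writes to auth.log / secure.
# The last line has a username crafted to look like a second "from <ip>" field.
SAMPLE_LOG = """\
Jan 10 03:14:01 vps sshd[1201]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:03 vps sshd[1201]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:09 vps sshd[1207]: Failed password for invalid user admin from 203.0.113.5 port 40150 ssh2
Jan 10 03:15:30 vps sshd[1215]: Failed password for root from 198.51.100.77 port 52001 ssh2
Jan 10 03:16:02 vps sshd[1220]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Jan 10 03:17:45 vps sshd[1231]: Failed password for invalid user test from 198.51.100.77 port 52040 ssh2
Jan 10 03:18:10 vps sshd[1240]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 203.0.113.5 port 40200 ssh2
"""

# Anchor on the end of the line and let the username match greedily, so the
# address taken is the one sshd appended, not text supplied as a username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def summarize(log_text):
    """Tally failed password attempts by username and by source address."""
    users, sources, invalid = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m is None:
            continue  # accepted logins and unrelated lines
        users[m["user"]] += 1
        sources[m["ip"]] += 1
        if m["invalid"]:
            invalid[m["user"]] += 1  # account does not exist on this host
    return users, sources, invalid

if __name__ == "__main__":
    users, sources, invalid = summarize(SAMPLE_LOG)
    print("usernames tried:", users.most_common(3))
    print("sources:", sources.most_common())
    print("nonexistent accounts:", sorted(invalid))
```

On a real host, pass the contents of the sshd log (commonly `/var/log/auth.log` or `/var/log/secure`) to `summarize` instead of the sample.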