Why all brute force attempt on all of my server came from China ip?

I hope, just for one time, please, any IP from another country except China brute forces my server. I am bored because there is no other IP but China.


Comments

  • It could be that most of them are still using Windows XP and are infected with a botnet

  • Change your SSH port and add something like Fail2Ban

  • @xDragonZ said:
    ..... they are infected with botnet

    Still, why China?? For years, all attempts to gain access to my servers came from China's IPs.

  • And don't use password logins.

    Thanked by 2ValdikSS ATHK
  • @MarkTurner said:
    Change your SSH port and add something like Fail2Ban

    All my servers don't use port 22 for SSH. The server in the screenshot is an online.net dedi and I installed the OS less than 24 hours ago. I started setting it up a few minutes ago.
    But still, why do all attempts come from China? I wish to see some from the US or maybe Russia or any country except China LOL.

  • jarjar Member, Patron Provider

    Many theories. I like the XP theory. It's no secret that China and brute force go well together.

    Thanked by 1netomx
  • Change to SSH Key auth and they will stop instantly.

    Seems a lot of the Chinese brute forcers target all of the online.net IP range, probably as online.net is generally dedis and not VPSes, so getting into one means a potentially massive payoff.

  • cause China is showing you some love.

  • Disabling root login is also a good idea.

  • Got like 100k once on a server of mine :)

  • If you're still using the root account and the default port 22, I'd try too. And I'm not a headless botnet.

  • psycholyzern said: Still, why China??

    Because many people live there?

  • jarjar Member, Patron Provider

    @Blanoz said:
    If you're still using the root account and the default port 22, I'd try too. And I'm not a headless botnet.

    I'm on 22. Have fun!

    Thanked by 1netomx
  • I know... China just doesn't like you.

    Thanked by 1ATHK
  • What XP vulnerability is exploited to run these bots? Are the last patches able to resolve them?

  • bashed said: What XP vulnerability is exploited to run these bots? Are the last patches able to resolve them?

    No, XP is not supported by anyone - no one should be using it! XP is older than Ubuntu 1.0!

  • Botnets don't only exist with Chinese IPs, but there are backdoors in any Chinese products like 1+1 phone and Huawei. I really recommend you stay away from any Chinese products.

    Thanked by 1webcraft
  • @creep said:
    Botnets don't only exist with Chinese IPs, but there are backdoors in any Chinese products like 1+1 phone and Huawei. I really recommend you stay away from any Chinese products.

    Designed by Apple in California, made in... China

    Thanked by 1ATHK
  • If you want bots attacking you from different countries, host a wordpress blog :D I get attacks from Ukraine, Russia, USA, China, South Korea and Taiwan.

    Thanked by 1webcraft
  • Neoon Member, Community Contributor
    edited December 2014

    Not China, also OVH and that crap; it comes from everywhere.

  • @creep said:
    .... but there are backdoors in any Chinese products like 1+1 phone and Huawei.

    Are you serious? I am a big fan of 1+1

    @varwww said:
    If you want bots attacking you from different countries, host a wordpress blog :D I get attacks from Ukraine, Russia, USA, China, South Korea and Taiwan.

    This is what I need... LOL

  • Every IP I've found attempting to brute force a server has been from China. China is also the #1 source for blog spam and other fun stuff.

    Chinese traffic isn't valuable to me at all, on any of my sites, I'm considering just blacklisting every major Chinese IP range. All the normal Chinese internet users (read: not bots) just VPN through the great firewall into another country anyways..

  • GaNi Member
    edited December 2014

    @creep said:
    Botnets don't only exist with Chinese IPs, but there are backdoors in any Chinese products like 1+1 phone and Huawei. I really recommend you stay away from any Chinese products.

    You should leave your home, friends and possibly everything asap!

    PS: How the hell do you put a backdoor in CyanogenMod?

  • I'm curious about this also. All bruteforce attacks to my VPS came from China IP.

  • sc754 Member
    edited December 2014
    Things to do:
    
    Set ssh to a high port number (somewhere in the 50000 range is what I do)
    Disable root login in ssh and make an ordinary user with sudoer access
    Set AllowUsers in ssh to just your new ordinary sudoer user
    Always use a difficult password
    
    Install fail2ban also if you want
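
A small auditor for the checklist above, added here as an example and not code from any poster: it reads the global section of an `sshd_config` and reports whether password logins, root login and `AllowUsers` match the advice given in this thread. The two sample configs, the `deploy` user and the defaults used for absent keywords (those of a current OpenSSH build) are assumptions.

```python
import re

# Assumed defaults of a current OpenSSH build when a keyword is absent.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}
MULTI = {"port", "allowusers"}  # keywords that may repeat; values accumulate
LINE = re.compile(r"^([A-Za-z0-9]+)[\s=]+(.*)$")

# Constructed sample: port moved, and a "fix" appended below the original line.
SAMPLE_WEAK = """\
Port 50022
PermitRootLogin yes
#PasswordAuthentication no
PermitRootLogin no
"""

# Constructed sample following the checklist ("deploy" is a made-up user).
SAMPLE_HARDENED = """\
Port 50022
PermitRootLogin no
PasswordAuthentication no
AllowUsers deploy
Match User deploy
"""

def parse_global(text):
    """Return {keyword: [values]} for the global (pre-Match) section."""
    seen = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # blank line, comment, or not "Keyword value"
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":  # conditional blocks start here; not evaluated
            break
        if key in MULTI:
            seen.setdefault(key, []).extend(value.split())
        elif key not in seen:  # sshd keeps the first value it reads
            seen[key] = [value]
    return seen

def audit(text):
    cfg = parse_global(text)
    first = lambda k: cfg.get(k, [DEFAULTS[k]])[0].lower()
    checks = [
        (first("passwordauthentication") != "no", "password logins enabled"),
        (first("permitrootlogin") != "no", "root login not disabled"),
        (not cfg.get("allowusers"), "no AllowUsers restriction"),
    ]
    return {"ports": cfg.get("port", ["22"]), "findings": [m for bad, m in checks if bad]}
```

The port is only reported, not scored, since the thread disagrees about moving it. In `SAMPLE_WEAK` the appended `PermitRootLogin no` has no effect because sshd uses the first value it reads for that keyword.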
    
  • Silvenga Member
    edited December 2014

    sc754 said: Set ssh to a high port number (somewhere in the 50000 range is what I do)

    No. That is completely uneducated, never recommend doing that.

    https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/

    r00t4bl3 said: I'm curious about this also. All bruteforce attacks to my VPS came from China IP.

    China has the largest user base of Windows XP (mostly illegal versions) and other legacy software. Statistically, China homes the largest population of kiddy scrippers and technologically uneducated users. Hence, logically most attacks will come from Chinese IP ranges.

    Thanked by 1linuxthefish
  • raindog308 Administrator

    Silvenga said: No. That is completely uneducated, never recommend doing that.

    No, actually the guy who wrote that article is completely educated and quite wrong.

    http://lowendtalk.com/discussion/comment/576972/#Comment_576972

    Thanked by 1netomx
  • I am a Chinese.
    In China, many people use illegal copy of OSes, and many of them still stay @ XP.
    They are easy to get controlled by hackers, and then attack your VPS.

  • youjingsenlin Member
    edited December 2014

    @XIAOSpider97 said:
    I am a Chinese.
    In China, many people use illegal copy of OSes, and many of them still stay @ XP.
    They are easy to get controlled by hackers, and then attack your VPS.

    Yes, I am a Chinese, too.

  • If you really want to stop them just deny all China IP range to access your SSH port, problem solved.
