Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@Linux Yeah I fully isolated my ssh port now from outerhome networks... Not having a good feeling about that
-
endor57516y@hypervtechnics never tried it, but I guess you could try ssh-ing into those servers? Maybe see what's inside them, and if they're just boxes dedicated to botnets go haywire (or try to work your way up the hierarchy?).
Can't think of other stuff on the spot, but I'm sure there's more -
@bioDan that's what I assumed simply because economically, I'm not worth manual hacker effort.
-
Wack63116yI also had this, china, russia, india, all over the place. I guess they just try random ips and if there's a response on port 22, they point a botnet at it...
-
bioDan61596y@Fast-Nop if they find any vulnerabilities a hacker may be inclined to not give a fuck.
You are precious and your data is precious, even if you can't see it right now. Take good care -
@bioDan yeah, if the automated search finds a hole, then it could alert its owners that there's a target, even if it's "just" for abusing the mail as spam relay. Or for installing miners. But the initial scan won't be specific - that's unlike, say, Paypal or so.
Since my "CMS" (actually abuse of the C preprocessor) is running offline, I don't have to think about WP vulnerabilities. :-) -
GMR51635606yGeneral question for people in the thread: if I use an SSH key am I okay in terms of brute forcing?
-
Wack63116y@GMR516 I'd recommend fail2ban. If you're looking for a paid solution, I'd go with imunify360.
As for the short yes, long no: ssh keys makes it way harder to crack as there is a magnitude of possibilities more to crack. However with enough time and ressources still technically possible. And that's where fail2ban comes in. It scans the logs and bans those ip that try to do stuff. Another reason for the long no, could be your key. If it's lost/stollen/published to github/... An atacker can simply get in. -
GMR51635606y@Wack I’ll research fail2ban with namecheap hosting. Thanks! Do you think using a password for the SSH key file is good as well?
-
If you have ssh reachable from the internet, you WILL be brute forced! In my experience, it starts in about 30 seconds from being available.
-
@Linux Yup. Most of my servers get 20K+ failed attempts every day.
New one on which csf hasn’t blocked anything yet 😶 -
@GMR516 ssh with key login and the key having a strong password/phrase is good!
And I personally would like any ip attacking me to be blocked :)
I don’t use fail2ban myself but CSF because that’s an easy way to manage a firewall and has more advanced features. -
unknown18396yI use CSF too to block those fuckheads from my servers.
At work we have a server which is hosting a website which has been compromised before they came to us (we rebuild the website, so as far as I know, there are no vulnerabilities anymore). Once I had to fix something with CSF and had to disable it for like 30 seconds. In that 30 seconds the website/server got so many requests, which are not being blocked by CSF, that the server start shutting down...
I've learned from that... -
Its always a good idea to not open any port to the entire world. Restricting SSH access only to your IP is the way to go. And if you've to open port 80, keep that too behind a loadbalancer.
Why do people do this. Well i got to know one reason, through a personal experience. I had one of the ports open (running an application on default port). The attackers didn't have anything against me personally. They just had a ready made script that'll do port scanning and depending upon the port and what application runs on that by default, try to utilise vulnerabilities in that application.
Long story short, the attacker just ran a script to mine some Bitcoins. -
@hypervtechnics well VMs and cloud is the way i generally do. But security is more to do with your personal ego. Of late security has been made so ego centric that i fail to understand certain things. Like for example if you are not running an application that involves personal data of users or other sensitive data, being not breached is not going to be very high on your priority list.
But those around make you feel really as if it should always be very important. And this is mostly people who are in the job of preventing breaches. Its their business and their survival tactic for that.
Related Rants
-
abhijith050513When you SSH into a machine and then SSH back into yours, you know you are drunk.
-
nickj58today at programming class... professor: today we will be teaching you about vim and using the terminal and s...
-
linuxxx15Had to debug an issue, *ssh user@domain* "some wild network connection issue" *hmm weird.. * *checks every...
I just discovered my server being brute forced over SSH by over 25 different IPs per minute. WHAT THE FUCK?! It's not even a public website... Now I installed fail2ban.
rant
brute force
ssh
fail2ban rules
fucking chinese servers