Learn More
Resend Email
39
HoloDreamer
5y

Fucking China!

The only time they ever come out of their pathetic walled internet is to attack your servers.

Fuck that country.

random

cyber security

servers

china
Favorite
Ranter
Comments
  • 8
    5y
    Do you have any legitimate customers in China, and are you running a CDN? If so most have georestriction features you can use to nuke nearly all traffic from any particular country.
  • 5
    5y
    Well said. One day I was configuring ssh on port 22 on my router and within few minutes I see huge number of ssh connection originating from Chinese IP. Luckily I had fail2ban installed.. Phew!
  • 5
    5y
    @notify I have my fail2ban configured to ban anything that tries to enter with a nonexistent user or root, it's been quiet for days now :) (nevermind that it's public key authentication only)

    Love this package

    Private server and whitelisted my ip btw
  • 4
    5y
    @alexbrooklyn
    My use case is different, I need to login from several public machine so PKI will not help me. So I used shellinbox with nginx proxy, any other method you can suggest?
  • 5
    5y
    @notify i'm afraid I don't have that much experience with it yet, it's my first vps :)
  • 5
    5y
    Auth.log is scary! Thank goodness for fail2ban
  • 3
    5y
    @notify It is possible (but security wise not the best idea) "pass around" the SSH-agent with you personal public key, but I'm not sure if that is what you want.

    Alternatively, can't you whitelist the machines that password authentication from these machines is enough?
  • 3
    5y
    @sbiewald
    If I use sshpass then I have carry the public key on all the machine but anyway thanks for the idea, I am going to upgrade to openwrt and setup the agent less ssh.

    The machine I use to login has dynamic ip so cannot whitelist the ip. If I blacklist certain range of ip's then again VPN will fail which has dynamic ip too
  • 2
    5y
    @AlmondSauce I don't think I'll ever have a customer from China.

    I'm not using any CDN, but Fail2Ban is working good enough for now.
  • 2
    5y
    @HoloDreamer Yup, that's the most common case (China is a big market, but one you need to appeal to very specifically to gain any traction, so it's not worth the effort for most.) If you ever upgrade to a CDN, that can be worth putting in place.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment