Comments
-
Do you have any legitimate customers in China, and are you running a CDN? If so most have georestriction features you can use to nuke nearly all traffic from any particular country.
-
notify5636y
Well said. One day I was configuring ssh on port 22 on my router and within a few minutes I saw a huge number of ssh connections originating from Chinese IPs. Luckily I had fail2ban installed. Phew!
-
@notify I have my fail2ban configured to ban anything that tries to enter with a nonexistent user or root, it's been quiet for days now :) (never mind that it's public key authentication only)
Love this package
Private server and whitelisted my ip btw -
notify5636y
@alexbrooklyn
My use case is different, I need to log in from several public machines so PKI will not help me. So I used shellinabox with an nginx proxy, any other method you can suggest? -
@notify I'm afraid I don't have that much experience with it yet, it's my first VPS :)
-
@notify It is possible (but security-wise not the best idea) to "pass around" the SSH agent with your personal public key, but I'm not sure if that is what you want.
Alternatively, can't you whitelist the machines so that password authentication from these machines is enough? -
notify5636y
@sbiewald
If I use sshpass then I have to carry the public key on all the machines, but anyway thanks for the idea, I am going to upgrade to OpenWrt and set up the agentless ssh.
The machine I use to log in has a dynamic IP, so I cannot whitelist the IP. If I blacklist a certain range of IPs, then again the VPN will fail, which has a dynamic IP too -
@AlmondSauce I don't think I'll ever have a customer from China.
I'm not using any CDN, but Fail2Ban is working good enough for now. -
@HoloDreamer Yup, that's the most common case (China is a big market, but one you need to appeal to very specifically to gain any traction, so it's not worth the effort for most.) If you ever upgrade to a CDN, that can be worth putting in place.
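The rule described in the thread (ban any source that tries a nonexistent user or root, with your own address whitelisted), sketched as log-matching logic in Python. This is an added example, not code from any commenter and not fail2ban's own filter; the log lines are constructed, the sshd message formats are assumed OpenSSH-style and vary by version, and `offending_ips` is a hypothetical name.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Mar  3 10:01:12 vps sshd[811]: Invalid user admin from 203.0.113.7 port 40122
Mar  3 10:02:40 vps sshd[815]: Connection closed by authenticating user root 198.51.100.23 port 51514 [preauth]
Mar  3 10:03:02 vps sshd[819]: Accepted publickey for deploy from 192.0.2.10 port 60022 ssh2
Mar  3 10:03:30 vps sshd[823]: Invalid user x from 192.0.2.10 port 22 from 203.0.113.7 port 40300
Mar  3 10:04:11 vps sshd[830]: Failed password for root from 192.0.2.10 port 60030 ssh2
Mar  3 10:05:00 vps sshd[835]: Failed password for deploy from 198.51.100.99 port 2222 ssh2
"""

# Each pattern covers the whole sshd message and is anchored at the end, so the
# address taken is the one sshd appended, never text inside the username field.
PATTERNS = [
    re.compile(r"^Invalid user .* from (\S+) port \d+$"),
    re.compile(r"^Failed \S+ for invalid user .* from (\S+) port \d+ ssh2$"),
    re.compile(r"^Failed \S+ for root from (\S+) port \d+ ssh2$"),
    re.compile(r"^(?:Connection closed by|Disconnected from) authenticating user root (\S+) port \d+ \[preauth\]$"),
]
SSHD_LINE = re.compile(r"\ssshd\[\d+\]: (.*)$")


def offending_ips(log_text, allowlist=()):
    """Count attempts per source IP that used an unknown user or root."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    hits = Counter()
    for line in log_text.splitlines():
        m = SSHD_LINE.search(line)
        if not m:
            continue  # not an sshd message
        for pattern in PATTERNS:
            hit = pattern.match(m.group(1))
            if not hit:
                continue
            try:
                ip = ipaddress.ip_address(hit.group(1))
            except ValueError:
                break  # hostname or malformed address: skip this line
            if ip not in allowed:
                hits[str(ip)] += 1
            break
    return hits

if __name__ == "__main__":
    print(dict(offending_ips(SAMPLE_LOG, allowlist=["192.0.2.10"])))
```

The failed login for the existing user `deploy` is deliberately not counted, and the allowlisted address is skipped even when it appears in a failed root attempt.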
Related Rants
Fucking China!
The only time they ever come out of their pathetic walled internet is to attack your servers.
Fuck that country.
random
cyber security
servers
china