13
Ekushey
3y

👨‍💻

Comments
  • 6
    I have actually done this.

    Had a personal server that was actively being attacked.

    Since I was running this at home on a residential ISP, I just unplugged the modem. It kicked the connection off. When I plugged it back in I got a new IP.

    Then I could go back and figure out how they got in and harden the system.
  • 3
    @sariel did you get to the bottom of how they got in?
  • 6
    @bioDan yeah, same reason anyone gets in.

    The network engineer (me) and sys ops engineer (also me) was an idiot.

    Don't open standard ports to the internet, kiddos. Don't even open anything but 443 tbh. If you must, at least port forward with a non-standard port.

    If you absolutely must open THE port, create a whitelist with the IP you're trying to connect from in your firewall.

    If you can't do that, go find a MCSP that will be your proxy with a VPN back to your server.
  • 4
    @sariel the service should be secure; hiding ports does not really work on a slightly targeted attack. If you must hide a port, use a knocker or, as you suggested, block on IP address, even though that is also a bit of a hack.

    One nice thing of containerised services is that they can be greatly sandboxed and divide the attack surface.
  • 3
    @hjk101 this was most definitely years before containers.

    Sound advice though.