223
McSebi
7y

When you move ssh to a different port

(found: https://twitter.com/GonzoHacker/...)

Comments
  • 1
    Make an ssh alias in ~/.ssh/config to prevent having to type ssh -p PORT

    =)
  • 0
    UX vs UI
  • 1
    Not sure why, but I actually laughed out loud at this one. :)
  • 1
    Hey if I use an unsigned Port and the Chinese don't try to get in my server anymore I consider it a win ( no joke top countries in my log are China,Russia,and US)
  • 1
    @inpothet deny root login and stop caring :)
  • 2
    @McSebi if they only wanted root but they go thru a big list of users
  • 2
    @inpothet
    I have root login but key based and fail2ban to beat their asses with -1 ban time.
  • 3
    @DonMcCoy also works if I finally set it up, I normally call their ISP ask for the abuse department and 1 day later no more tries
  • 2
    @inpothet
    Yes my first year on servers I used to get so much frustrated, and each time i send abuse against them, and then I used a script which looks in the whois for abuse email and send automatic email with the failed try of the spammer in message body, then i gave up.
    I tuned fail2ban to watch every possible resource (ssh, ftp, sasl web dav, nginx logins, apache logins, all)
    And now its been 6 years for 2 of my servers, my ban list has 1000+ IPs.

    Now I'm thinking of developing a ban list colllector which collects all abusers IP from alk fail2ban clients to a database so we can all use each others lists.

    The problem too, the older your IPs (servers) are and the more you have high visitors web apps on your servers the more you are spread worldwide on spammers list.
    So we need such a collector.
  • 2
    @DonMcCoy I don't mind helping with a web version of it, o and I went a step further I called the ISP using Skype and asked for the abuse department it worked really well
Add Comment