undefined | Better HN

0 pointsCanada10y ago0 comments

Everything is attacked. It's all automated, not personal.

0 comments

Yup install something like fail2ban & setup email alerts. You'll get a new notice every 5 minutes or so for the first month from all the china based bots trying to login via common ssh credentials.

A01010y ago

I run snort and from its alerts, the bots come from all around the world not all from CN. Though the CN sources are largest.

protomyth10y ago

I was rather surprised when I had a week where most of the attacks came from Las Vegas and New Hampshire.

burnte10y ago

Well, true, we did get spam attacks on the app, so I wound up banning huge swaths of the world. I moved SSH to a very high port, only ran apache, sshd, and an SMTP agent (the machine never received email, inbound was handled by GMail). Still, had someone wanted to exploit the PHP app, I'd be surprised if they couldn't find a weakness. It was custom written, but nearly a decade age.

CanadaOP10y ago

Elite attackers can compromise almost any target, but even they won't bother finding one-off vulnerabilities when the goal is botnet host acquisition. For that only widely deployed vulnerabilities are worth exploiting.

In practice that means you can get away with something as crazy as opening up a password-free root shell on some random high port, but you can't get away with weak SSH logins or unpatched Wordpress sites.

j / k navigate · click thread line to collapse