The past few days I’ve seen a *massive* uptick in people trying to break into my SSH server. It’s public facing but on a nonstandard port. So many people are trying that the Gmail I use to send fail2ban notifs is getting rate limited. Right now I’m getting several per minute; the normal amount is 1-3 per day.

Oh. I just got rate limited again.

Anyone else experiencing something similar?

#cybersecurity #askfedi

@cwg1231 Similar experience. In my particular case, most inbound connections were from Russia, so applying a geo-block on RU did wonders.

It's still pinging more than I'd think it should, but at least it's banning the offenders.

@sundevil311 interesting. I’ll have to see about a geo block, but in the meantime I think it’d be fun to do some additional logging and analysis. Since nobody except me relies on this SSH, I might move the port over and replace it with a tar pit to mess with the attackers.