The past few days I’ve seen a *massive* uptick in people trying to break into my SSH server. It’s public facing but on a nonstandard port. So many people are trying that the Gmail I use to send fail2ban notifs is getting rate limited. Right now I’m getting several per minute; the normal amount is 1-3 per day.

Oh. I just got rate limited again.

Anyone else experiencing something similar?

#cybersecurity #askfedi

@cwg1231 are you looking for tips to mitigate that? I’ve found some nice iptables tricks that have effectively made fail2ban unnecessary in my case…

@systemalias I'd love some tips. Fail2ban is adequate, but I'll never turn down more info on mitigation.

@cwg1231 I can’t share my own scripts currently, as they have some dependencies that wouldn’t make sense to general public use cases… but this page has some good starting points.

https://we.riseup.net/stefani/iptables-recent-module-and-hit-limits


@systemalias thanks. Are there any similar examples for nftables, since that’s supposed to eventually replace iptables?