Ed W8EMV Mar 5

I have a Pi 1 on my local network hooked up to 44net (the ARDC's public access internet via Wireguard). The following is the count of top failed ssh login attempts for each username over about a 3 day period. Attacks started immediately.

143 ec2-user
144 ftpuser
152 nginx
155 ftp
217 debian
218 centos
254 pi
348 solv
381 hadoop
390 git
446 mysql
607 guest
723 ubuntu
782 postgres
863 oracle
880 test
1468 user
2648 admin

Show threadOnno (VK6FLAB)
@w8emv install fail2ban
Mar 5 at 8:35pmWeb
Show threadOnno (VK6FLAB)Mar 5
@w8emv also, check your webserver logs, they'll make your eyes water.
Show threadEd W8EMV Mar 5

@vk6flab I looked at fail2ban and I don't think I need the complexity right now - instead I decided to block all ssh access from the "outside world" through ufw

when I do need to get to the system, I can reach it because there's a subnet router for it on my Tailscale network and I can ssh in that way

the nginx logs are not fun to read! so many paths being probed. so far though, no obvious risk, just hassle, since I'm hosting a single-page website there