Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
This is possibly someone trying to see if your server is an IoT device and trying known passwords for those devices.
-
I eventually identified the attack as being from the ZmEu vulnerability scanner. I have password logins disabled for SSH, and the database has been cleared (the service hadn't even gone live, so I didn't lose anything) and set to only accept local connections.
-
I use nftables to rate limit the logins for ssh, if you get concerned, lock down the server:
- only local mysql (just close the port)
- allow only keys for the logon
- if the bruteforce is producing critical load, change the standard response for all ports to drop. -
ng190528487y@vortexman100
* Change the standard response for all ports to drop _after_ you allowed port 22 😂
Should be obvious, but as I was a noob in Linux I lost my lovely vps because of this 😂😂 -
Another suggestion is to use APF (super easy iptables configuration with advanced features) I've had the majority of issues taken care of with it.
Related Rants
-
gururaju56*Now that's what I call a Hacker* MOTHER OF ALL AUTOMATIONS This seems a long post. but you will definitely ...
-
linuxxx70This guy at my last internship. A windows fanboy to the fucking max! He was saying how he'd never use anythi...
-
creedasaurus62Another dev on my team just got a new machine. Before he came in today I made two separate USB installers and ...
Someone is trying to launch a brute force attack on one of my servers that I set up for an old project. According to the logs, they've tried Jorgee, they've tried directly accessing the MySQL database (with the laziest passwords), and they're now on day 4 of their brute force attack against my SSH server. I'm fairly certain that they won't be getting in (not that there's anything worth getting in the first place), but what's the standard protocol for this? Do I just wait this out, or is there something I can do to break their bot? I have fail2ban enabled, and it is doing its job, but the attacker is changing their IP address with every attack.
rant
servers
ssh
hacking
linux
scriptkiddies
cybersecurity