Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Lennerd5585yBlocking all Chinese IP ranges does really help with this. You can easily find firewall lists online.
-
@Lennerd I'm curious. What would I Google? Only instructions come up for me how to use /etc/hosts.deny
-
Lennerd5585yI don't really know anymore it's a long time ago when I did this on my home server, when that was still running Windows Server instead of Linux.
I guess I googled something like `Chinese ISP IP ranges` or something like that.
Then I used a PowerShell script to import it in Windows Firewall. I think you can do this in Bash and ufw or iptables too -
@Lennerd I'll just let fail2ban do the work for me
@alexbrooklyn I will sooner or later. I just wanted to see how bad the bots really are. And I mean wow. I honestly expected maybe a request an hour? It's closer to one every couple seconds. I was so naïve before this. -
Lennerd5585y@AlgoRythm Since I switched to Linux I run SSH with public key authentication and Denyhosts
-
-
Lennerd5585y@alexbrooklyn Nope, I will take a look at that. Then again, blocking whole countries is never a bad idea
-
And never add a telnet server for some "important message" from your app.
I added a speaker to it and some web crawler/bot woke me up in the middle of the night. -
pain3245y@AlgoRythm
You can get a daily blacklist (api) from https://www.abuseipdb.com/
And this shows how to create a blacklist via iptables:
https://google.com/amp/s/...
But careful, ips might switch owners - you have to update it regularly -
@TheCommoner282 thanks for sharing that, right now my servers don't have any other non-root users or programs that require ssh connections so i'm fine for now, I'll make sure to keep this in mind
-
@TheCommoner282 After reading the article, I wouldn't call it "terrible" advice. I still think it's just fine to do so and avoid the bots the easy way.
-
@TheCommoner282 It ain't obscure it's one number, chill. I just want to avoid them taking up my bandwidth and filling up my auth.log. Even with fail2ban I get 800+ failed logons/ hr. It's just annoying. So far 0 on non-standard port.
It has nothing to do with security and everything to do with knowing that nobody is taking up my system resources to try. -
@TheCommoner282 Security isn't even the concern, I know that it does not technically increase security whatsoever.
I just wanna know that those bastards don't even have the chance to try, while keeping my server open to SSH so I can fuck around with it anywhere.
It's just my home server this isn't like a production box or anything. It has a media server and a Minecraft server running on it.
Opened up my SSH port to the internet out of curiosity on a useless box.
Wow..... so, so many requests.
rant