@catto I think it's if you disable password authentication entirely in sshd they won't even be able to try a username. I didn't but there's no password so they're trying in vain.
:apa: スプリットショックウイルス † (splitshockvirus@mstdn.starnix.network)'s status on Wednesday, 27-Mar-2024 06:15:12 JST :apa: スプリットショックウイルス †
ロミンちゃん (romin@shitposter.club)'s status on Wednesday, 27-Mar-2024 06:15:11 JST ロミンちゃん
@splitshockvirus @catto I only have publickey and logs still show login attempts with usernames
ロミンちゃん (romin@shitposter.club)'s status on Wednesday, 27-Mar-2024 06:30:55 JST ロミンちゃん
@splitshockvirus @catto I mean they can't do anything as there's no password option, it's still annoying and log flooding. Changing the port doesn't mitigate the spam in my experience either. IP whitelisting or port knocking should work wonders indeed.
:apa: スプリットショックウイルス † (splitshockvirus@mstdn.starnix.network)'s status on Wednesday, 27-Mar-2024 06:30:56 JST :apa: スプリットショックウイルス †
It must be something else I did then, I'm not sure. I do a bunch of layered defense typically for permanent services.
Off the top of my head, you can change the port number for ssh to something else, that usually stops basically all bots, or restrict which IPs access the port via firewall, or do a VPN or ssh gateway.
:apa: スプリットショックウイルス † (splitshockvirus@mstdn.starnix.network)'s status on Wednesday, 27-Mar-2024 06:56:03 JST :apa: スプリットショックウイルス †
@romin @catto Port knocking is savage, I've never set it up though.
catto (catto@maidsin.space)'s status on Wednesday, 27-Mar-2024 07:53:48 JST catto
@romin @splitshockvirus yeah it's no big deal with key-only ssh set up tbh. I just tried to look at my own log because of this post and it took like half a minute for the log file to open :BlobCat_Laughing:
:marseyloadingneon: m0xEE :marseyloading: (m0xee@breloma.m0xee.net)'s status on Wednesday, 27-Mar-2024 08:04:45 JST :marseyloadingneon: m0xEE :marseyloading: @romin @catto @splitshockvirus
Nonstandard port + fail2ban keep the log spam at a minimum, it's like five tries and then goodbye for 15 minutes. Few are insistent enough to keep going and in this case you can block the whole subnet manually.
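An added example, not part of the thread and not fail2ban's own code: a small offline log scan that applies the "five tries, then 15 minutes" policy described above to sshd failure lines and lists /24 subnets that earned repeated bans, as candidates for the manual subnet block. The log format (ISO-8601 timestamps, chronological order), the 10-minute counting window, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_network

MAX_RETRY = 5                      # "five tries"
BAN_TIME = timedelta(minutes=15)   # "goodbye for 15 minutes"
FIND_TIME = timedelta(minutes=10)  # assumed counting window, not stated in the thread

# One line per failed attempt on a key-only server (ISO-8601 timestamps assumed).
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?:Invalid user \S* from|"
    r"Connection closed by authenticating user \S+) (?P<ip>\d+\.\d+\.\d+\.\d+) port"
)

def scan(lines):
    """Return (bans, subnets): ban intervals and /24s that earned 2+ bans."""
    recent = defaultdict(deque)    # ip -> failure times inside FIND_TIME
    banned_until, bans = {}, []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if ts < banned_until.get(ip, ts):
            continue               # during a ban the firewall drops this source
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FIND_TIME:
            q.popleft()
        if len(q) >= MAX_RETRY:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
            q.clear()
    per_net = Counter(str(ip_network(f"{ip}/24", strict=False)) for ip, _, _ in bans)
    return bans, sorted(net for net, n in per_net.items() if n >= 2)

# Constructed sample (documentation IP ranges, hypothetical host name).
def _line(minute, second, msg):
    return f"2024-03-27T06:{minute:02d}:{second:02d}+09:00 host sshd[100]: {msg}"

SAMPLE = (
    [_line(0, s, "Invalid user admin from 203.0.113.7 port 40000") for s in range(0, 60, 10)]
    + [_line(5, 0, "Connection closed by authenticating user root 198.51.100.9 port 40001 [preauth]")]
    + [_line(20, s, "Invalid user test from 203.0.113.7 port 40002") for s in range(5)]
)

if __name__ == "__main__":
    print(scan(SAMPLE)[1])  # subnets to review for a manual block
```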