Fuck China so much

Attached: Screenshot_2018-08-17_22-46-13.png (828x1018, 947K)

Do you drive an ae 86 at least?

Nice VPN you have in there

Move it off of port 22, you fucking idiot.

It was a brand new VPS, I got all these attempts in like 3 days.

I drive a Ford Focus.

Yep

Attached: Screen Shot 2018-08-17 at 20.53.28-fullpage.png (1855x2335, 1.41M)

What is this?

Log for a script called fail2ban, helps with ssh security. Those are failed login attempts, the ip addresses are all from China.

This.
If you're a lazy bum just use SSH on port 220 or something. Combine with any anti-brute force measure and you'll cut down 99% of random bot SSH attempts.

Nigger either change the default port or close the port entirely.

Why is your port open to begin with?

Why is your SSH not restricted to local? or through VPN?***

>blacklisting
>not installing a honeypot that logs
youtube.com/watch?v=mSiCKJWGeoI

Is there any harm in wasting their cycles, besides wasting your own?

Just ddos or brute force them back, user. Asian countries don't enforce strict cybersecurity rules

Just use public key authentication like a white person. Then it doesn't matter how many times China tries to log in.

so you let them in and then what?

log what they do to your machine?

>Asian countries don't enforce strict cybersecurity rules
source: my ass

Done setting things up. Changed port, disabled root login, disabled password login (key only)

It should be enough to stop random bots right?

You're a fucking retard. Just get back to where you came from.

is that your VPS or a VPS from Digital Ocean, linode, etc?

how's that key thing work?

t. noob

>disabled root login
Epic meme bro, really good reddit advice there

Why is it bad?

why? I have a sudo user

rude

make your own key
ssh-copy-id
then edit sshd_config to make public key the only authentication method.

>make le edgy thread to seem l337
>out yourself as a noob dumbass instead

Like poetry every single time

It's a fake shell with limited functionality that you can customize.

>sudo
>not doas
jej

We should imprison people who go around checking if every door is locked.

>doas
the fuck

never heard about it

why isn't it more common?

why, some places block outgoing traffic to unknown ports, so I keep it on 22.
and they can try all they want, just use a good fucking password

Wrong it's CIA spoofing it's from china. Watch out op

How would you know? You recognize any of those addresses?

maybe

> anti brute force measure
What's the point? There is no way to brute force ssh with a key file and sane settings, that's the very reason why you use it.

So I could load up a bunch of gay porn on it?

The target environment should be different from the host.

>car botnet

you mean fuck the faggots bruteforcing your VPS through chinese proxies?
the fact that the attacks come from there doesn't mean the attackers are chinese, obviously

>still having password login enabled

>just use a good fucking password

i wonder what will happen when the chinese discover port scanners ..

what's the problem, you little retards?

OpenSSH Username Enumeration
seclists.org/oss-sec/2018/q3/124

I don't like hearing this cat growl.

They are not real "chinese hackers" port-knocking your server, they are american/european bots using chinese proxies (a.k.a. unpatched home devices)

bingo

I'm gonna run for president and my platform will be banning China from the internet, and I will get the vote of every sysadmin in the country.

I died

No they don't. What if I told you you can find underaged porn on the normal net from asian countries?
>t.asian

Don't forget Russia and Ukraine, but China is an excellent start.

I have mine on port 2222 and I still get chinese bots knocking on my door

this sounds pretty bad

You attract the stuttering ssh hackers

It's pretty useless without the key. The only thing that gets leaked is the usernames that are allowed to log in.

Look into port knocking and change to a more obscure port.

Or just keep doing what you're doing, but make sure root login is disallowed and you're only logging in with public keys. Ez.

yes, a good fucking password is secure enough, you don't need an autistic key

he can't be as retarded as this unhelpful retarded post

So what am I looking at? I am curious.

top kek

Nigga it's been explained a few times in this thread.

Op has SSH on port 22 open to the world.
Chinese IPs trying to get in.
Now anons are sword fighting with their e-peens to argue which method is best for stopping this activity.

Why would you install fail2ban? That lets other people ban you by spoofing IP packets.

You make it possible to DoS yourself with only a few dozen packets.

Nigga just unplug the Internet cord

What the fuck is the big mystery

This thread inspired me to block the entire world
BLOCK THE PLANET

Should I block ssh port if I don't run an ssh server, just a regular desktop?

Yes

Oh snap.

Anyway; I've had an SSH port open on the internet for months now.
- Disable root login
- Disable password (Upload your pubkey before doing this, and set up a cron job to automatically add your pubkey to authorized_keys if it gets deleted by you accidentally. IE; check for your pub key in the file, if not there, add it. So long as it runs it will stop you from blocking yourself from your own server by baleeting your pubkey.)
- Pubkey ONLY
- Setup fail2ban

SSH is pretty strong. Apart from that username enumeration. That'll get patched pretty quickly. Note that changing the port is not a real defence. It'll reduce the amount of traffic you get but it won't increase security.
I run a load of services, not just SSH. If you're only going to run one service, make it SSH.
Pubkeys are good but be careful to back them up somewhere secure since it's your only access.
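
An added example, not part of the thread: one way to check an sshd_config-style file for the root-login, password and pubkey settings listed in the post above. The function names and both sample configs are constructed for illustration; the fallbacks are upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example, not from the thread: offline audit of an sshd_config-style file.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively. Only the global section (before any Match block) is read.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        { sub(/[ \t]*=[ \t]*/, " ") }        # accept "Keyword=value" too
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }      # conditional overrides start here
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE: print one line per weak setting; return 1 if any.
audit_sshd_config() {
    findings=0
    # Fallbacks are the upstream OpenSSH defaults for an absent keyword.
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    pubk=$(effective_value "$1" PubkeyAuthentication yes)
    [ "$root" = "no" ] || { echo "PermitRootLogin is '$root', expected 'no'"; findings=$((findings + 1)); }
    [ "$pass" = "no" ] || { echo "PasswordAuthentication is '$pass', expected 'no'"; findings=$((findings + 1)); }
    [ "$pubk" = "yes" ] || { echo "PubkeyAuthentication is '$pubk', expected 'yes'"; findings=$((findings + 1)); }
    [ "$findings" -eq 0 ]
}

# Constructed sample configs (not taken from any real host).
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARD_CFG"' EXIT
cat > "$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# appended later, but the earlier "yes" above still wins
PasswordAuthentication no
EOF
printf '%s\n' 'Port 44222' 'PermitRootLogin no' \
    'PasswordAuthentication no' 'PubkeyAuthentication yes' > "$HARD_CFG"

echo "weak sample:";     audit_sshd_config "$WEAK_CFG" || true
echo "hardened sample:"; audit_sshd_config "$HARD_CFG" && echo "no findings"
```

On a live host, `sshd -T` prints the effective configuration, including files pulled in by Include, which this offline check does not follow.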

# Create the ipset list (-exist: do not fail if it is left over from a previous run)
ipset -exist -N china hash:net

# Remove any old list that might exist from previous runs of this script
rm -f /etc/cn.zone

# Pull the latest IP set for China into /etc, where the loop below reads it
wget -P /etc ipdeny.com/ipblocks/data/countries/cn.zone || exit 1

# Add each network from the downloaded list into the ipset 'china'
while read -r net; do ipset -exist -A china "$net"; done < /etc/cn.zone

# Restore iptables (rules that reference the 'china' set need the set to exist first)
/sbin/iptables-restore < /etc/iptables.firewall.rules

echo "China is blocked."


requires ipset

ssh-keys are easy to setup

Blocking entire countries is nice but isn't a substitute for a secure configuration. NK, China, etc, compromise weak machines around the world and use them as a staging point to attack other machines. Stopping direct attacks isn't too meaningful.

>2222
That's because you should go over 20000 faggot. Most bots don't bother scanning these ranges.

Can someone confirm? I heard from another user there is no need for that.

>not rangebanning the entirety of China

You should allow only ports that you use and block everything else.

Aug 18 11:03:23 lain sshd[30610]: Disconnected from invalid user test 40.67.197.92 port 45212 [preauth]
Aug 18 11:03:23 lain sshd[30610]: Received disconnect from 40.67.197.92 port 45212:11: Normal Shutdown, Thank you for playing [preauth]
Aug 18 11:03:23 lain sshd[30610]: Failed password for invalid user test from 40.67.197.92 port 45212 ssh2
Aug 18 11:03:21 lain sshd[30610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.67.197.92
Aug 18 11:03:21 lain sshd[30610]: pam_unix(sshd:auth): check pass; user unknown
Aug 18 11:03:21 lain sshd[30610]: pam_tally(sshd:auth): pam_get_uid; no such user
Aug 18 11:03:21 lain sshd[30610]: Invalid user test from 40.67.197.92 port 45212

It's not just China. 40.67.197.92 is Netherlands, Microsoft Azure.
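
An added example, not part of the thread: tallying failed password attempts per source address from sshd log lines in the format shown above, which is the signal fail2ban acts on. The function name, the threshold argument and the sample log (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: per-source tally of failed SSH logins.

# failed_by_ip FILE [THRESHOLD]
# Prints "COUNT IP INVALID" for every source with at least THRESHOLD failed
# passwords; INVALID is how many of those named a user that does not exist.
failed_by_ip() {
    awk -v min="${2:-1}" '
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" {
            # The username is remote input and may contain " from <addr>", so
            # read the address from the END of the line: from IP port N ssh2
            if ($(NF-4) != "from" || $(NF-2) != "port") next
            ip = $(NF-3)
            total[ip]++
            if ($9 == "invalid" && $10 == "user") invalid[ip]++
        }
        END { for (ip in total) if (total[ip] >= min) print total[ip], ip, invalid[ip] + 0 }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log (addresses from documentation ranges).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Aug 18 11:03:23 host sshd[101]: Failed password for invalid user test from 203.0.113.7 port 45212 ssh2
Aug 18 11:03:25 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 45213 ssh2
Aug 18 11:03:27 host sshd[103]: Failed password for root from 203.0.113.7 port 45214 ssh2
Aug 18 11:04:01 host sshd[104]: Failed password for invalid user x from 198.51.100.9 from 192.0.2.44 port 50100 ssh2
Aug 18 11:04:05 host sshd[105]: Accepted publickey for op from 198.51.100.9 port 50200 ssh2
Aug 18 11:04:09 host sshd[106]: Invalid user test from 203.0.113.7 port 45215
EOF

echo "all sources:";         failed_by_ip "$SAMPLE_LOG"
echo "three or more tries:"; failed_by_ip "$SAMPLE_LOG" 3
```

The fourth sample line carries a username containing " from 198.51.100.9"; the tally attributes it to 192.0.2.44, the address sshd itself appended.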

the ssh server downloads a pastebin with one ip address and then allows only that. then on your host you have a script that edits the pastebin with the current address and ssh in

>Needing to wait for the list to update

perfect security might be slow

>perfect security
>trusting pastebin, a company that literally makes its money from ads and subscriptions plus all the data mining.

you can encrypt the ip address or add a bunch of text so that it would be harder to find . maybe instead of dots just add some text. the first 4 numbers are the ip and no one knows

That takes extra time and performance to scan all ports for SSH activity, you dumb smug nigga.

It's the reason why port 22 is targeted all the time, the people who don't move it are also less likely to have configured it properly. Move it to something completely random, don't even use shit like 2222.

Internet backbone bandwidth is large enough now that full port scans are viable. Say if you owned a million machines like any half decent state actor / botnet owner, you could scan every IP on every port.

>Say if you owned a million machines

"Draw the rest of the fucking owl."

To be fair, a bored retard like myself gets to learn a lot from y'all when this sort of thing happens

may someone be kind enough to tell me what is op trying to refer to?

>220
naw fuck that use 44444

and? so you'll have less people looking at your ports thus saving your bandwidth

use 44222
haven't had any chinese in 13 years, so far so good

see

> Not setting your server so that Chinese IPs get immediately redpilled on 六四事件 upon an attempt.

>perfect security
>security through obscurity

now you will. Don't disclose your port, you fucked up.

Decent SSH security 101
>Disable password login.
>Use SSH keys.
/thread

i'm getting the idea is that the honeypot will look vulnerable, but actually useless, so like a diversion from whatever you might have running?

Who cares? They won't get in if you use key based auth.

Isn't that enough harm? CPU time is expensive.

I'll just change it to 44223

OP, if you really want to hate china setup an ssh honeypot.

does 六四事件 actually kill their internet?
i've seen posts saying that posting that in a vidyagayme instantly disconnects the chinks
not sure if its true