Fuck China so much
Fuck China so much
Other urls found in this thread:
youtube.com
seclists.org
ipdeny.com
twitter.com
Do you drive an ae 86 at least?
Nice VPN you have in there
Move it off of port 22, you fucking idiot.
It was a brand new VPS, I got all these attempts in like 3 days.
I drive a Ford Focus.
Yep
What is this?
Log for a script called fail2ban, helps with ssh security. Those are failed login attempts, the ip addresses are all from China.
This.
If you're a lazy bum just use SSH on port 220 or something. Combine with any anti-brute force measure and you'll cut down 99% of random bot SSH attempts.
Nigger either change the default port or close the port entirely.
Why is your port open to begin with?
Why is your SSH not restricted to local? or through VPN?***
>blacklisting
>not installing a honeypot that logs
youtube.com
Is there any harm in wasting their cycles, besides wasting your own?
Just ddos or brute force them back, user. Asian countries don't enforce strict cybersecurity rules
Just use public key authentication like a white person. Then it doesn't matter how many times China tries to log in.
so you let them in and then what?
log what they do to your machine?
>Asian countries don't enforce strict cybersecurity rules
source: my ass
Done setting things up. Changed port, disabled root login, disabled password login (key only)
It should be enough to stop random bots right?
You're a fucking retard. Just get back to where you came from.
is that your VPS or a VPS from Digital Ocean, linode, etc?
how's that key thing work?
t. noob
>disabled root login
Epic meme bro, really good reddit advice there
Why is it bad?
why? I have a sudo user
rude
make your own key
ssh copy id
then edit sshd_conf to make public key the only authentication method.
>make le edgy thread to seem l337
>out yourself as a noob dumbass instead
Like poetry every single time
It's a fake shell with limited functionality that you can customize.
>sudo
>not doas
jej
We should imprison people who go around checking if every door is locked.
>doas
the fuck
never heard about it
why isn't more common?
why, some places block outgoing traffic to unknown ports, so I keep it on 22.
and they can try all they want, just use a good fucking password
Wrong it's CIA spoofing it's from china. Watch out op
How would you know? You recognize any of those addresses?
maybe
> anti brute force measure
What's the point? There is no way to brute force ssh with a key file and sane settings, that's the very reason why you use it.
So I could load up a bunch of gay porn on it?
The target environment should be different from the host.
>
>car botnet
you mean fuck the faggots bruteforcing your VPS though chinese proxies?
the fact that the attacks come from there doesn't mean the attackers are chinese, obviously
>still having password login enabled
>just use a good fucking password
i wonder what will happen when the chinese discover port scanners ..
what's the problem, you little retards?
OpenSSH Username Enumeration
seclists.org
I don't like hearing this cat growl.
They not are real "chinese hackers" port-knocking your server, they are american/european bots using chinese proxies (a.k.a no-patched home devices)
bingo
I'm gonna run for president and my platform will be banning China from the internet, and I will get the vote of every sysadmin in the country.
I died
No they don't. What if I told you you can find underaged porn on the normal net from asian countries?
>t.asian
Don't forget Russia and Ukraine, but China is an excellent start.
I have mines on port 2222 and i still get chinese bots knocking on my door
this sounds pretty bad
You attract the stuttering ssh hackers
It's pretty useless without the key. The only thing that gets leaked is the usernames that are allowed to log in.
Look into port knocking and change to aore obscure port.
Or just keep doing what you're doing, but make sure root login is disallowed and you're only logging in with public keys. Ez.
yes, a good fucking password is secure enough, you dont need an autistic key
he can't be as retarded as this unhelpful retarded post
So what am I looking at? I am curious.
top kek
Nigga it's been explained a few times in this thread.
Op has SSH on port 22 open to the world.
Chinese IPs trying to get in.
Now anons are sword fighting with their e-peens to argue which method is best for stopping this activity.
Why would you install failtoban? That lets other people ban you by spoofing IP packets.
You make it possible to DoS yourself with only a few dozen packets.
Nigga just unplug the Internet cord
What the fuck is the big mystery
This thread inspired me to block the entire world
BLOCK THE PLANET
Should I block ssh port if I don't run an ssh server, just a regular desktop?
Yes
Oh snap.
Anyway; I've had an SSH port open on the internet for months now.
- Disable root login
- Disable password (Upload your pubkey before doing this, and set up a cron job to automatically add your pubkey to authorized_keys if it gets deleted by you accidentally. IE; check for your pub key in the file, if not there, add it. So long as it runs it will stop you from blocking yourself from your own server by baleeting your pubkey.)
- Pubkey ONLY
- Setup fail2ban
SSH is pretty strong. Apart from that username enumeration. That'll get patched pretty quickly. Note that changing the port is not a real defence. It'll reduce the amount of traffic you get but it won't increase security.
I run a load of services, not just SSH. If you're only going to run one service, make it SSH.
Pubkeys are good but be careful to back them up somewhere secure since it's your only access.
# Create the ipset list
ipset -N china hash:net
# remove any old list that might exist from previous runs of this script
rm cn.zone
# Pull the latest IP set for China
wget -P . ipdeny.com
# Add each IP address from the downloaded list into the ipset 'china'
for i in $(cat /etc/cn.zone ); do ipset -A china $i; done
# Restore iptables
/sbin/iptables-restore < /etc/iptables.firewall.rules
echo "China is blocked."
requires ipset
ssh-keys are easy to setup
Blocking entire countries is nice but isn't a substitute for a secure configuration. NK, China, etc, compromise weak machines around the world and use them as a staging point to attack other machines. Stopping direct attacks isn't too meaningful.
>2222
That's because you should go over 20000 faggot. Most bots don't bother scanning these ranges.
Can someone confirm? I heard from another user there is no need for that.
>not rangebanning the entirety of China
You should allow only ports that you use and block everything else.
Aug 18 11:03:23 lain sshd[30610]: Disconnected from invalid user test 40.67.197.92 port 45212 [preauth]
Aug 18 11:03:23 lain sshd[30610]: Received disconnect from 40.67.197.92 port 45212:11: Normal Shutdown, Thank you for playing [preauth]
Aug 18 11:03:23 lain sshd[30610]: Failed password for invalid user test from 40.67.197.92 port 45212 ssh2
Aug 18 11:03:21 lain sshd[30610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.67.197.92
Aug 18 11:03:21 lain sshd[30610]: pam_unix(sshd:auth): check pass; user unknown
Aug 18 11:03:21 lain sshd[30610]: pam_tally(sshd:auth): pam_get_uid; no such user
Aug 18 11:03:21 lain sshd[30610]: Invalid user test from 40.67.197.92 port 45212
It' not just china. 40.67.197.92 is Netherlands, Microsoft Azure.
the ssh server downloads a pastebin with one ip address and then allows only that. then on your host you have a script that edits the pastebin with the current address and ssh in
>Needing to wait for the list to update
perfect security might be slow
>perfect security
>trusting pastebin, a company that literally makes its money from ads and subscriptions plus all the data mining.
you can encrypt the ip address or add a bunch of text so that it would be harder to find . maybe instead of dots just add some text. the first 4 numbers are the ip and no one knows
That takes extra time and performance to scan all ports for SSH activity, you dumb smug nigga.
It's the reason why port 22 is targeted all the time, the people who don't move it are also less likely to have configured it properly. Move it to something completely random, don't even use shit like 2222.
Internet backbone bandwidth is large enough now that full port scans are viable. Say if you owned a million machines like any half decent state actor / botnet owner, you could scan every IP on every port.
>Say if you owned a million machines
"Draw the rest of the fucking owl."
To be fair, a bored retard like myself gets to learn a lot from y'all when this sort of thing happens
may someone be kind enough to tell me what is op trying to refer to?
>220
naw fuck that use 44444
and? so you'll have less people looking at your ports thus saving your bandwidth
use 44222
having had any chinese in 13 years, so far so good
see
> Not setting your server so that Chinese IPs get immediately redpilled on 六四事件 upon an attempt.
>perfect security
>security through obscurity
now you will. Don't disclose your port, you fucked up.
Decent SSH security 101
>Disable password login.
>Use SSH keys.
/thread
i'm getting the idea is that the honeypot will look vulnerable, but actually useless, so like a diversion from whatever you might have running?
Who cares? They won't get in if you use key based auth.
Isn't that enough harm? CPU time is expensive.
I'll just change it to 44223
OP, if you really want to hate china setup an ssh honeypot.
does 六四事件 actually kill their internet?
i've seen posts saying that posting that in a vidyagayme instantly disconnects the chinks
not sure if its true