Friday, July 26, 2019

Script kiddies with too much time on their hands

So, I wanted to be able to access Haruka from outside of my home.  When I first set that up, Haruka was getting "hit" by hundreds of login attempts per minute from all over the world.

At first, I was intrigued and kept stats, but over time, I was blocking bigger and bigger portions of the Internet from Haruka.  So I decided to simply move the ssh port to a non-standard number.

That worked and worked for quite some time.  But that ended about 4:50am today.

Someone with way too much time on their hands decided to do a big port scan looking for non-standard ssh ports and finally stumbled on mine.  So back to their really lame attempt at logging in as root (hint: root's not allowed to ssh in to my server - so that isn't going to go too far.  And for the person doing a dictionary attack, and the other person doing a rainbow attack, there are exactly 2 user IDs that can log in and you can't guess what they are - let alone guess the passwords).

But I'm tired of getting emails saying "there's an attacker!" and having logs filled with their lame attempts.  So I've moved the ssh port again.  Good luck finding that port.  There are only 65535 ports.  If it took them 2 years to find the last one, I figure it should take them about 10 to find the new one.
