Conversation

Notices

1. nixCraft 🐧 (nixcraft@mastodon.social)'s status on Friday, 29-Dec-2023 20:45:35 JST nixCraft 🐧

   The article talks about using poor password attack vectors. just clickbait. And What do you mean again? The bots never stopped. The scanning never stopped. Here is a guide to protect your openssh https://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html

   • zetabeta (zetabeta@mastodon.social)'s status on Friday, 29-Dec-2023 21:20:19 JST zetabeta

     in reply to

     @nixCraft
     i will make an admission. one my linux installation got hacked many years ago. basically it was my idiotic mistake. i forgot to shutdown ssh server or firewall it. good news was that it was simplistic ddos attack script.

   • Freevolt (freevolt24@mastodon.social)'s status on Friday, 29-Dec-2023 21:23:20 JST Freevolt

     in reply to

     @nixCraft if hackers slept and resumed bruteforcing SSH the other day, it can still be called 'doing it again' right

   • Markus Peuhkuri (puhuri@mastodon.social)'s status on Friday, 29-Dec-2023 21:43:42 JST Markus Peuhkuri

     in reply to

     @nixCraft
     Years ago a graduate student connected RPi with default password and ssh enabled to our experimental (=fully open) network segment. Someone managed to log in just 23 seconds after his first login.
     Bad passwords, allowing password authentication and no fail2ban is just as bad idea as it has ever been. Furthermore, most systems could just limit ssh access only from trusted networks, so you need to have to keep better eye to one or few jumphosts for ssh -J jump.example.com (or use VPN).

   • Arthur (averseabfun@mastodon.social)'s status on Friday, 29-Dec-2023 22:56:26 JST Arthur

     in reply to

     @nixCraft wemy solution: don't port forward my ssh so unless they connect to my secure network at the exact time I happen to be hosting an ssh seever, which is usually for under a day, and then manage to guess my username and password, I think I'm fine.

   • nixCraft 🐧 (nixcraft@mastodon.social)'s status on Saturday, 30-Dec-2023 00:17:38 JST nixCraft 🐧

     in reply to

     • Kevin Karhan :verified:

     @kkarhan what firewall are you using?

   • Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Saturday, 30-Dec-2023 00:17:39 JST Kevin Karhan :verified:

     in reply to

     @nixCraft I mean, my firewall is constantly getting hammered with shit from impersonaltors with spoofed IPs...

     They just hammer with #pwnat - esque exploits and try to #telnet into shit.

     And it's really interesting to see...
     http://samy.pl/pwnat/

   • Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Saturday, 30-Dec-2023 00:17:40 JST Kevin Karhan :verified:

     in reply to

     @nixCraft Eeyupp...

     That's why one has to use #FailToBan very aggressively as well as blocklists AND ideally pubkey-based auth.

     I mean, I do pull a lot of blocklists on top of that because there is no legitimate reason not to use #Spamhaus #DROP blocklists...

     https://github.com/greyhat-academy/lists.d/blob/main/blocklists.list.tsv