Q: I run a home server, usually isolated network services, but a few things outside my router forwarded by ssh, which allows me to ssh tunnel to my home network access.
Just out of boredom, I looked at the security logs and tons of invalid logon attempts to find an IP address (222.122.56.141) in Korea. Now I doubt they have laws against hacking, so contact abuse department probably just do something, and they probably will not understand my English but I can use an online translator .
My setup is secure, as far as I know. a single user is allowed to log in, and must then su as root. so he can brute force anything he wants, but just to get even with a valid password.
So from a legal standpoint and a safety standpoint, what are the best things I can do now? Im not afraid . yet, because a simple brute force just to get him, but when I target of fixes for some reason or another, it can grow to more sophisticated attack.
Best Answer: They won't do anything because #1 they aren't police and #2 it would be an invasion of privacy. Argh!
The Carpal Tunnel Recovery Kit
Re:Moving the port ended all the failed login attempts on all my servers. Nobody goes wandering up in the higher thousands with port scans.
Carpal Tunnel Master and Beyond
Re:I closed it up for now, but yeah been wanting to figure out some kindof mechanism to auto block failed logins. I need to learn how to use iptables first. And I'll move the port since that will probably save against the bots at least.
Either way, all the failed attempts are as root so i'm not too woried, I'll get worried when I see the username that CAN login.
Conquering Carpal Tunnel Syndrome
Re:Just typical mindless bot crap. Move the SSH port if you don't want the login failures cluttering your logs.
How You Overcome Carpal Tunnel Syndrome Without Surgery
Re:You could move the SSH port, create a script to block IPs with multiple failed login attempts, or shutdown SSH.
There are lots of bots out there trying to get more systems by brute forcing systems through SSH.
The Amazing Carpal Tunnel Cure!
Re:You said yourself that you doubt the Korean government or their ISP will care and I would agree. I also really doubt your ISP or government would be willing to do anything either, but you can notify them if you want the worst that would happen is that they ignore you.
How To Get Started Computer EBook(R)s.
Re:So I can just assume its a script? Can I still do anything legally, like some kind of place to report them or something? I cant see why I'd be targetted though so it probably is a script and I'm 1 of 1000000's of machines being hit.
Cure Carpal Tunnel Syndrome And Hand/Wrist Pain System
Re:You're not being targetted, those brute-force scripts have been running for a few years now.
0 Comments.