16
Just got my 10,000th blocked login attempt alert from my home server
It happened overnight, mostly from IPs in Vietnam and Brazil trying default SSH passwords. I run a basic fail2ban setup on an old Ubuntu box, but seeing that exact number pop up made me realize how constant the background noise of attacks really is. What's a good way to tell if these are just bots or something more targeted I should worry about?
2 comments
grant90115h ago
Yeah that "background noise" thing hits home. I had the same with my old server, just endless tries for admin and root. I switched SSH to a non-standard port and set up key-only login, no passwords at all. The alert logs went dead quiet overnight, maybe one or two a week now. It's still bots just scanning the whole internet, but they move on if you're not on the default door.
3
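On the question in the post, one way to separate scanner noise from something worth a closer look is to check which account names the failed logins used. The script below is an added example, not part of the original thread. It assumes the standard OpenSSH "Failed password" log lines, the sample log and the user `maria` are constructed, and the "real username" heuristic is this example's own assumption.

```python
import re
from collections import defaultdict

# OpenSSH writes "invalid user" when the account does not exist on the host.
FAILED = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample lines in the usual sshd auth.log format (documentation IPs).
SAMPLE_LOG = """\
Mar  3 02:11:01 box sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:11:04 box sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 02:11:09 box sshd[815]: Failed password for invalid user ubuntu from 203.0.113.7 port 40144 ssh2
Mar  3 02:40:55 box sshd[902]: Failed password for invalid user test from 198.51.100.23 port 51812 ssh2
Mar  3 03:02:17 box sshd[977]: Failed password for maria from 192.0.2.50 port 33810 ssh2
Mar  3 03:02:21 box sshd[979]: Failed password for maria from 192.0.2.50 port 33822 ssh2
Mar  3 03:05:00 box sshd[990]: Accepted publickey for maria from 192.0.2.99 port 50000 ssh2
"""

def triage(log_text, generic_users=frozenset({"root"})):
    """Group failed logins by source IP and label each source.

    Heuristic (an assumption of this example): a source that guesses an
    existing, non-generic account name is labelled 'review'; a source that
    only tries nonexistent or generic names is labelled 'background'.
    """
    seen = defaultdict(lambda: {"attempts": 0, "real_users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are skipped
        entry = seen[m["ip"]]
        entry["attempts"] += 1
        if not m["invalid"] and m["user"] not in generic_users:
            entry["real_users"].add(m["user"])
    return {
        ip: {
            "attempts": e["attempts"],
            "real_users": sorted(e["real_users"]),
            "label": "review" if e["real_users"] else "background",
        }
        for ip, e in seen.items()
    }

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        print(ip, info)
```

To run it against a real box, pass the contents of the sshd log to `triage()` instead of `SAMPLE_LOG`.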