[ale] Ouch goddamnit
Raj Wurttemberg
rajaw at c64.us
Thu Aug 14 12:50:26 EDT 2025
Sorry to hear that your system got (possibly?) hacked. Yeah, fail2ban is an amazing tool. If I absolutely must have ssh open to the outside, I usually move ssh to a different port (yeah, you could still find it easily with a port scan), and I configure fail2ban.
/Raj
From: Ale <ale-bounces at ale.org> on behalf of lollipopman691 via Ale <ale at ale.org>
Reply-To: Atlanta Linux Enthusiasts <ale at ale.org>
Date: Thursday, August 14, 2025 at 11:24 AM
To: Atlanta Linux Enthusiasts <ale at ale.org>
Cc: lollipopman691 <lollipopman691 at pm.me>
Subject: [ale] Ouch goddamnit
More assholes from China bringing my site down. When I rebooted, I couldn't help but notice that my uptime(1) stats were spiking into the double-digit range and the system was becoming unresponsive.
I wrote a quick and simple script to figure out who these guys are so I can block them at the AWS firewall. If anyone else can use it, here ( https://tomshiro.org/foswiki/ALE/BadActorScript ) 'tis.
Looks like if I am _really_ clever I might-could figure out a way to let fail2ban(1) handle this automagically. A project for another day.
-- CHS