[arm-allstar] Does this look like someone is brute force attacking my node?

Doug Crompton wa3dsp at gmail.com
Tue Feb 25 16:06:22 EST 2020


BTW - if you want a way to generate a good random PW here is a site:

https://passwordsgenerator.net/

Just make sure you write passwords down somewhere in a safe place!


*73 Doug*

*WA3DSP*

*http://www.crompton.com/hamradio*

On Tue, Feb 25, 2020 at 2:14 PM Doug Crompton <wa3dsp at gmail.com> wrote:

> Please keep in mind that in most cases there is no reason to port forward
> the ssh port unless you need or want control of your node from a remote
> source. Most node operators do not, but they forward this port anyhow. If
> you have only an occasional need for outside access then only forward for
> that need. Also keep in mind that other than the additional traffic, using
> a good random greater than 10 character upper/lower, numeric, special
> character password is not going to get broken. They eventually give up.
> Also the ssh process itself will slow them down.
>
> So let's not make a big deal about this. It comes up like many other topics
> on this list on a cyclic basis when someone complains. Then for days it
> becomes the topic of discussion. It has gone on forever and will go on
> forever. No, you can't trace with any reliability who it is, so it is usually
> not even worth the time trying.
>
>
> *73 Doug*
>
> *WA3DSP*
>
> *http://www.crompton.com/hamradio*
>
> On Tue, Feb 25, 2020 at 1:53 PM "Don Backstrom - AA7AU via ARM-allstar" <
> arm-allstar at hamvoip.org> wrote:
>
>> On Tue 25-Feb-20 06:52, "kd6gdb--- via ARM-allstar" wrote:
>> > Most of em are automated attacks from China.
>>
>>         As the admin for a number of publicly viewable [mostly low-volume]
>> websites, I see lots and lots and lots of bot attacks, of all sorts,
>> from IP addresses from all over the world, including from the good-old
>> USA.
>>
>>         For most sites, I am able to block by underlying generally accurate
>> country code for the IP range, but that doesn't stop the US-based
>> attacks (whom I cannot block in toto). Many of those are from Amazon,
>> GoDaddy, etc type hosting accounts and I suspect most of those accounts
>> are throw-away. Many of the rest from the US seem to be from residential
>> networks.
>>
>>         It's anyone's guess who is behind any one of these bot networks, but
>> I can tell exactly where the fault lies ... those gentle innocent folks
>> who have NOT properly protected* their home/small-biz computers/accounts
>> - which then became infected by the bad guys and are now the hidden
>> fortresses for those bot networks.
>>
>>         <opinion> *BTW: properly protected does NOT mean simply paying someone
>> else for a glossy "Anti-whatever" package and understanding nothing
>> about it. It also, in my mind at least, means NOT running Windows10
>> unless you understand it and have fully secured it. M$ is a big part of
>> the problem, certainly not the solution. </opinion>
>>
>>         If it's convenient, you're at risk (as well as everyone else)!
>>
>>         We have met the enemy and he is us!  (Pogo Papers, c. 1953)
>>
>>         Just another perspective,
>>
>>         - Don - AA7AU
>
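
An added example, not part of the original messages: generating a password of the kind described above (random, upper/lower, numeric, special characters) locally with Python's `secrets` module, and estimating how long exhaustive guessing would take. The function names and the 100 guesses per second rate are assumptions made for illustration.

```python
import math
import secrets
import string

# The four character classes named in the message above.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def generate_password(length=16):
    """Return a random password with at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every class is represented (rarely loops at this length).
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_search_half(length, guesses_per_second):
    """Expected years of exhaustive guessing (half the keyspace on average)."""
    keyspace = len(ALPHABET) ** length
    return keyspace / 2 / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print(generate_password(16))
    print(f"{entropy_bits(11):.1f} bits for 11 random characters")
    # ASSUMPTION: 100 guesses/second is a constructed rate, not a measurement.
    print(f"{years_to_search_half(11, 100):.2e} years at 100 guesses/s")
```

The entropy figure applies only to passwords drawn uniformly at random like this; a human-chosen password of the same length and character mix has far less.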

