[arm-allstar] NOTICE for user's with public ssh on port 222
Joe Moskalski
kc2irv at gmail.com
Mon Mar 6 15:11:32 EST 2023
I have addressed this issue with 2 solutions. One is ban all the IP ranges
from India, China and Russia in my firewall. It's not very surgical but
it's effective. The other is setup a L2TP VPN and not make the SSH port
open to the public only being able to access it through the VPN.
On Mon, Mar 6, 2023, 2:13 PM kd6gdb--- via ARM-allstar <
arm-allstar at hamvoip.org> wrote:
> Where did this get to? One of my private nodes has seemed to have become a
> favorite in India with over 500 attempts per hour.
>
> [root at Node1502 local]# strings /var/log/btmp | grep -v '[a-zA-Z]' |sort -u
> 103.246.240.30
> 104.168.64.249
> 113.20.31.42
> 119.93.23.178
> 128.199.246.42
> 134.17.89.159
> 137.184.37.163
> 164.163.104.184
> 164.90.229.196
> 167.233.7.218
> 170.64.178.90
> 177.72.99.10
> 190.144.141.210
> 192.241.157.114
> 31.41.244.124
> 36.255.221.147
> 43.129.201.229
> 47.243.106.91
>
> [root at Node1502 local]# uptime
> 10:04:55 up * 1:06, * 1 user, load average: 0.11, 0.18, 0.17
>
> [root at Node1502 local]# strings /var/log/btmp | grep -v '[a-zA-Z]' |wc
> *505* 505 7296
>
> On Sun, Apr 5, 2020 at 7:38 PM "Al Beard via ARM-allstar" <
> arm-allstar at hamvoip.org> wrote:
>
> > Hi,
> >
> > This will get you the SSHD info to check:
> >
> > journalctl _COMM=sshd -n 1000 > sshd.log
> >
> > Fedora linux uses "systemd" but still creates most of the "standard"
> > unix log files such that sys-admin's scripts will still mostly work.
> >
> > I've been using Fedora on ARM systems because they put quite an effort
> > into supporting many many boards AND I could move the root (/) filesystem
> > onto a real hard disk either USB or SATA (as in the Banana Pi) and have
> no
> > and I mean NO SD card wear out problems.
> > And, the kernel update process worked seamlessly. dnf -y upgrade
> >
> > My first Raspberry Pi version 1 with 256Mb ram would burn out an SD card
> > in a day. Thus, with SATA disks everywhere I looked for a SoC with a SATA
> > interface and found the Allwinner A20 chip on the Banana Pi board did.
> >
> > Alan VK2ZIW
> >
> > On Sun, 5 Apr 2020 17:31:47 -0700, \"Tony via ARM-allstar\" wrote
> > > On 4/5/20 4:44 PM, "David McGough via ARM-allstar" wrote:
> > > > ... I'll upload a copy of the code I'm using, if you'd like to
> > experiment
> > > > with it? This code will get wrapped into a package included in
> > HamVoIP,
> > > > ultimately.
> > >
> > > Is it essentially a Hamvoip-specific configuration for the fail2ban
> > package?
> > > _______________________________________________
> > >
> > > ARM-allstar mailing list
> > > ARM-allstar at hamvoip.org
> > > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > >
> > > Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> >
> >
> > ---------------------------------------------------
> > Alan Beard
> >
> > OpenWebMail 2.53
> >
> > _______________________________________________
> >
> > ARM-allstar mailing list
> > ARM-allstar at hamvoip.org
> > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >
> > Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> >
>
>
> --
> Pursuant to U.S. Code, title 47, Chapter 5, Sub chapter II, ß227,
> "Any and all non solicited commercial E-mail sent to this address is
> subject to a download and archival fee of $500.00 U.S.". E-mailing denotes
> acceptance of these terms.
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>
More information about the ARM-allstar
mailing list