[arm-allstar] NOTICE for user's with public ssh on port 222
Lu Vencl
ka4eps at gmail.com
Mon Mar 6 19:46:27 EST 2023
Never ever use the default port. I use something out of this world. In addition, nowadays, I use a VPN into my network if I need to access anything. Stop forwarding SSH ports and use a VPN. Life will be better.
Lu
KA4EPS
> On Mar 6, 2023, at 5:47 PM, kd6gdb--- via ARM-allstar <arm-allstar at hamvoip.org> wrote:
>
> Thanks to all,
>
> I like the fail2ban solution and use it alot for my other servers but am
> concerned with the overhead. Obviously the double edge sword here is what
> uses more resources, the constant pounding on my poor little RPi3 node from
> bots around the world that think I am the back door to the "NORAD
> supercomputer known as WOPR (War Operation Plan Response, pronounced
> "whopper"), programmed to continuously run war simulations and learn over
> time" - see the movie WARGAMES (1983) for background or moving dull ham
> radio audio from the world most obnoxious repeater in Los Angeles.
>
>> On Mon, Mar 6, 2023 at 1:47 PM stanley stanukinos via ARM-allstar <
>> arm-allstar at hamvoip.org> wrote:
>>
>> Use fail to ban and input the blocks from those ranges. Drop all packets
>> do not respond to icmp. They start their probing there.
>>
>> Stan
>>
>> Sent from my iPhone
>>
>>> On Mar 6, 2023, at 2:39 PM, Joe Moskalski via ARM-allstar <
>> arm-allstar at hamvoip.org> wrote:
>>>
>>> I have addressed this issue with 2 solutions. One is ban all the IP
>> ranges
>>> from India, China and Russia in my firewall. It's not very surgical but
>>> it's effective. The other is setup a L2TP VPN and not make the SSH port
>>> open to the public only being able to access it through the VPN.
>>>
>>>> On Mon, Mar 6, 2023, 2:13 PM kd6gdb--- via ARM-allstar <
>>>> arm-allstar at hamvoip.org> wrote:
>>>>
>>>> Where did this get to? One of my private nodes has seemed to have
>> become a
>>>> favorite in India with over 500 attempts per hour.
>>>>
>>>> [root at Node1502 local]# strings /var/log/btmp | grep -v '[a-zA-Z]'
>> |sort -u
>>>> 103.246.240.30
>>>> 104.168.64.249
>>>> 113.20.31.42
>>>> 119.93.23.178
>>>> 128.199.246.42
>>>> 134.17.89.159
>>>> 137.184.37.163
>>>> 164.163.104.184
>>>> 164.90.229.196
>>>> 167.233.7.218
>>>> 170.64.178.90
>>>> 177.72.99.10
>>>> 190.144.141.210
>>>> 192.241.157.114
>>>> 31.41.244.124
>>>> 36.255.221.147
>>>> 43.129.201.229
>>>> 47.243.106.91
>>>>
>>>> [root at Node1502 local]# uptime
>>>> 10:04:55 up * 1:06, * 1 user, load average: 0.11, 0.18, 0.17
>>>>
>>>> [root at Node1502 local]# strings /var/log/btmp | grep -v '[a-zA-Z]' |wc
>>>> *505* 505 7296
>>>>
>>>> On Sun, Apr 5, 2020 at 7:38 PM "Al Beard via ARM-allstar" <
>>>> arm-allstar at hamvoip.org> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> This will get you the SSHD info to check:
>>>>>
>>>>> journalctl _COMM=sshd -n 1000 > sshd.log
>>>>>
>>>>> Fedora linux uses "systemd" but still creates most of the "standard"
>>>>> unix log files such that sys-admin's scripts will still mostly work.
>>>>>
>>>>> I've been using Fedora on ARM systems because they put quite an effort
>>>>> into supporting many many boards AND I could move the root (/)
>> filesystem
>>>>> onto a real hard disk either USB or SATA (as in the Banana Pi) and have
>>>> no
>>>>> and I mean NO SD card wear out problems.
>>>>> And, the kernel update process worked seamlessly. dnf -y upgrade
>>>>>
>>>>> My first Raspberry Pi version 1 with 256Mb ram would burn out an SD
>> card
>>>>> in a day. Thus, with SATA disks everywhere I looked for a SoC with a
>> SATA
>>>>> interface and found the Allwinner A20 chip on the Banana Pi board did.
>>>>>
>>>>> Alan VK2ZIW
>>>>>
>>>>> On Sun, 5 Apr 2020 17:31:47 -0700, \"Tony via ARM-allstar\" wrote
>>>>>> On 4/5/20 4:44 PM, "David McGough via ARM-allstar" wrote:
>>>>>>> ... I'll upload a copy of the code I'm using, if you'd like to
>>>>> experiment
>>>>>>> with it? This code will get wrapped into a package included in
>>>>> HamVoIP,
>>>>>>> ultimately.
>>>>>>
>>>>>> Is it essentially a Hamvoip-specific configuration for the fail2ban
>>>>> package?
>>>>>> _______________________________________________
>>>>>>
>>>>>> ARM-allstar mailing list
>>>>>> ARM-allstar at hamvoip.org
>>>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>>>>
>>>>>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> Alan Beard
>>>>>
>>>>> OpenWebMail 2.53
>>>>>
>>>>> _______________________________________________
>>>>>
>>>>> ARM-allstar mailing list
>>>>> ARM-allstar at hamvoip.org
>>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>>>
>>>>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>>>>>
>>>>
>>>>
>>>> --
>>>> Pursuant to U.S. Code, title 47, Chapter 5, Sub chapter II, ß227,
>>>> "Any and all non solicited commercial E-mail sent to this address is
>>>> subject to a download and archival fee of $500.00 U.S.". E-mailing
>> denotes
>>>> acceptance of these terms.
>>>> _______________________________________________
>>>>
>>>> ARM-allstar mailing list
>>>> ARM-allstar at hamvoip.org
>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>>
>>>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>>>>
>>> _______________________________________________
>>>
>>> ARM-allstar mailing list
>>> ARM-allstar at hamvoip.org
>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>
>>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>>
>> _______________________________________________
>>
>> ARM-allstar mailing list
>> ARM-allstar at hamvoip.org
>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>
>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>>
>
>
> --
> Pursuant to U.S. Code, title 47, Chapter 5, Sub chapter II, ß227,
> "Any and all non solicited commercial E-mail sent to this address is
> subject to a download and archival fee of $500.00 U.S.". E-mailing denotes
> acceptance of these terms.
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
More information about the ARM-allstar
mailing list