23

My home server got hit by a brute force attack last Tuesday

I saw over 2000 failed SSH login attempts in the logs from a single IP in China. I blocked the IP and set up fail2ban, but my buddy says I should have just disabled password logins and used keys only. What's your first move when you see something like that?

3 Comments
thea_mitchell20
I used to think blocking was enough, but that exact thing made me switch to keys only.
3
oliviat17 1mo ago
Wait, you were just blocking IPs before? That's wild, @thea_mitchell20. I figured everyone knew those change all the time, it's like trying to stop a leak with tape. Switching to keys is the only thing that actually works.
2
patricia_mason
Ever notice how we all do the same thing? We put a bandage on a problem instead of fixing the root cause. You see it with people using weak passwords and just adding a second text alert, or only cleaning the visible part of a messy room. Blocking that IP is like locking one broken window while the door's still wide open. Your buddy's right, keys only is actually fixing the lock.
-1
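
Added example, not part of the thread: a Python check for the keys-only setup discussed above. It reads sshd_config text using OpenSSH's rule that the first value read for a keyword wins. The sample config and the function names are constructed for illustration, and Include files and Match blocks are only flagged, not evaluated.

```python
# Added example: audits sshd_config text for a keys-only setup.
# Assumptions: only the global section is evaluated; Include files and
# Match blocks are flagged for manual review, not followed.

# Values sshd uses when a keyword is absent (sshd_config(5) defaults).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated alias for KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
WANTED = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
}

# Constructed sample: a "no" appended below an existing "yes" has no effect.
SAMPLE = """\
PasswordAuthentication yes
PubkeyAuthentication yes
# added after the brute-force attempts
PasswordAuthentication no
"""

def effective_settings(text):
    """Return (settings, notes); sshd keeps the FIRST value seen per keyword."""
    seen, notes = {}, []
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            notes.append("Match block present: check its overrides by hand")
            break  # settings below a Match line are conditional
        if key == "include":
            notes.append("Include present: included files can set values first")
        elif key in DEFAULTS and len(parts) > 1:
            seen.setdefault(key, parts[1].strip('"').lower())
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}, notes

def audit(text):
    """List every way the config still allows password-style logins."""
    settings, notes = effective_settings(text)
    bad = [f"{k} is {v}, want {WANTED[k]}" for k, v in settings.items() if v != WANTED[k]]
    return bad + notes

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "keys-only: OK")
```

On a live host, `sshd -T` prints the effective configuration with Include files already resolved, which is the authoritative check.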