23
My home server got hit by a brute force attack last Tuesday
I saw over 2000 failed SSH login attempts in the logs from a single IP in China. I blocked the IP and set up fail2ban, but my buddy says I should have just disabled password logins and used keys only. What's your first move when you see something like that?
2 comments
thea_mitchell206d ago
I used to think blocking was enough, but that exact thing made me switch to keys only.
3
patricia_mason 6d ago
Ever notice how we all do the same thing? We put a bandage on a problem instead of fixing the root cause. You see it with people using weak passwords and just adding a second text alert, or only cleaning the visible part of a messy room. Blocking that IP is like locking one broken window while the door's still wide open. Your buddy's right, keys only is actually fixing the lock.
-1
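Added example, not written by anyone in the thread: the two checks the discussion turns on, counting failed SSH password logins per source address and testing whether an `sshd_config` still permits password-style logins. The log lines follow OpenSSH's syslog format, but the sample lines, addresses and config text are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, not addresses from the thread.
SAMPLE_LOG = """\
Jan 14 03:12:01 home sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 14 03:12:03 home sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 14 03:12:05 home sshd[812]: Failed password for invalid user pi from 203.0.113.7 port 40144 ssh2
Jan 14 08:30:44 home sshd[901]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 14 08:30:52 home sshd[901]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def failed_by_source(log_text, threshold=3):
    """Return {ip: count} for sources with at least `threshold` failed password logins."""
    counts = Counter(m.group(1) for m in FAILED.finditer(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Keywords that must be "no" on a keys-only server. Both default to "yes" in
# OpenSSH when unset, so a commented-out line still leaves passwords enabled.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}

def password_logins_enabled(config_text):
    """Return global-section keywords that still allow password-style logins."""
    effective = dict(DEFAULTS)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]            # drop comments
        parts = line.replace("=", " ").split()
        if not parts:
            continue
        key = parts[0].lower()                 # keywords are case-insensitive
        if key == "match":
            break                              # Match overrides are out of scope here
        if key in effective and key not in seen and len(parts) > 1:
            effective[key] = parts[1].lower()  # first occurrence wins in sshd_config
            seen.add(key)
    return sorted(k for k, v in effective.items() if v != "no")

BEFORE = "Port 22\n#PasswordAuthentication no\nPasswordAuthentication yes\n"  # constructed
AFTER = "PasswordAuthentication no\nKbdInteractiveAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    print("noisy sources:", failed_by_source(SAMPLE_LOG))
    print("before:", password_logins_enabled(BEFORE))
    print("after: ", password_logins_enabled(AFTER))
```

On a live host, `sshd -T` prints the effective configuration, including defaults and `Include` files, and is the authoritative check.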