Attackers are pummeling networks around the world with millions of login attempts (arstechnica.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 17 Apr 2024 11:41
https://sh.itjust.works/post/17959604

#cybersecurity

HubertManne@kbin.social on 17 Apr 2024 13:20

I thought it was common practice to not allow logins for some period after like half a dozen failures.

Darkassassin07@lemmy.ca on 17 Apr 2024 13:27

There are a few ways to do it, but if they block based on username it can lock out legitimate users too.

This is what fail2ban is for. Too many failed auths from an IP and that whole IP is blacklisted for a day or two. This can still catch out VPN users, but it’s still less disruptive.

HubertManne@kbin.social on 17 Apr 2024 13:34

Many blocked for an hour or even just 10 mins. At the time it was enough to get the attack scripts to change targets.

SemiAuto@sh.itjust.works on 18 Apr 2024 07:32

I went a bit overboard I think with my fail2ban configuration. If you fail 2 times to log in to any admin interface (ssh, web, etc), you get banned for around 4880 days… I have too many banned IPs already… :/

discozombie@lemmy.world on 18 Apr 10:21

Indeed, but in this particular case they’re using a large number of IPs, over 3000 on the last list I saw.

HubertManne@kbin.social on 18 Apr 12:46

Yeah, and I’m thinking from an early 2000 perspective, where not being able to log in for an hour was not necessarily a big deal. Whereas now so much of our life is online, it’s not really as laid back a proposition.
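
An added illustration (not written by any commenter, and not fail2ban's own code) of the trade-off in the sub-thread above: one sliding-window failure counter, keyed either by source IP or by username, replayed over constructed failure events. The threshold, window and ban length are assumed values, and the `FailureTracker` and `replay` names are hypothetical.

```python
from collections import defaultdict, deque

MAX_RETRY = 6        # assumed threshold ("half a dozen failures")
FIND_TIME = 600      # assumed counting window, in seconds
BAN_TIME = 86400     # assumed ban length, in seconds ("a day")


class FailureTracker:
    """Counts failed logins per key inside a sliding window, then bans the key."""

    def __init__(self, max_retry=MAX_RETRY, find_time=FIND_TIME, ban_time=BAN_TIME):
        self.max_retry, self.find_time, self.ban_time = max_retry, find_time, ban_time
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.banned_until = {}               # key -> time at which the ban expires

    def is_banned(self, key, now):
        return self.banned_until.get(key, 0) > now

    def record_failure(self, key, now):
        """Record one failure; return True if the key is banned afterwards."""
        if self.is_banned(key, now):
            return True
        window = self.failures[key]
        window.append(now)
        while window and window[0] <= now - self.find_time:
            window.popleft()                 # drop failures older than the window
        if len(window) >= self.max_retry:
            self.banned_until[key] = now + self.ban_time
            window.clear()
        return self.is_banned(key, now)


def replay(events, key_field):
    """Replay (time, ip, user) failures keyed on 'ip' or 'user'; return banned keys."""
    tracker = FailureTracker()
    idx = {"ip": 1, "user": 2}[key_field]
    for event in events:
        tracker.record_failure(event[idx], event[0])
    return set(tracker.banned_until)


# Constructed sample data with placeholder addresses, not real traffic.
single_source = [(t, "192.0.2.10", "admin") for t in range(0, 60, 10)]
# 3000 distinct sources, one failure each, all against the same account.
distributed = [(i, f"10.0.{i // 256}.{i % 256}", "alice")
               for i in range(3000)]
```

Keyed by IP, the single-source replay bans `192.0.2.10` but the 3000-source replay bans nothing; keyed by username, the same 3000 events ban `alice`, which is the legitimate-user lockout the earlier comment describes.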

nbailey@lemmy.ca on 17 Apr 2024 14:38

Anybody who’s ever exposed any service to the internet knows this as the “background radiation” of the net. My boxes get thousands of random connection attempts per day. The best practice for years has been to use keypairs and/or VPNs. Friends don’t let friends expose RDP to the web.

lost_faith@lemmy.ca on 17 Apr 2024 15:57

I had a little Linux server years ago and after a setup forgot to change my SSH port. One day I noticed my network was slow and after poking around realized that I had someone knocking at my port, trying pass after pass with like 15-30 sec between attempts. I watched this person for 2 days, laughing at the 8-10 char passwords they were using; my password was a sentence. I then shifted the port to the 30k range and all was silent on my ports. Always remember to change default ports. Fun times.

WolfLink@lemmy.ml on 18 Apr 08:04

I had a website exposed to the net and would constantly get HTTP requests for things like “wordpress_admin.js”

heavy@sh.itjust.works on 17 Apr 2024 14:54

Lol every day, brother

Gooey0210@sh.itjust.works on 17 Apr 2024 20:31

I will tell you even more: half of these attempts come to my server.

Socsa@sh.itjust.works on 17 Apr 2024 22:16

This has happened to every SSH host on the internet for at least 20 years. Key-based authentication is important, folks.