30
My home server got hit with a weird login attempt from Brazil last night
I saw the alert in my logs around 2 AM, and it was trying a bunch of common usernames like 'admin' and 'root'. I just shut down the port forwarding rule I had set up for remote access. Has anyone else had this happen and found a better way to keep an eye on things?
4 comments
Log in to join the discussion
Log In4 Comments
fisher.jessica13d ago
Used to think keeping port forwarding up and just having a strong password was enough. But after getting pinged with like 50 login attempts in one night from some random IP, I totally get why fail2ban is the way to go. Changed my mind real quick on that.
5
adamw151mo ago
Welcome to the club, my server logs look like a failed UN summit. Had a bot from Russia try 'password' as the root password for six hours straight. Setting up fail2ban was a game changer, it auto-blocks those clowns after a few tries. What are you running on that server anyway?
2
ben_fisher1mo ago
Honestly, shutting down the port forward was the right move, that's your first line of defense. Ngl, my logs look like a world tour some days, with script kiddies trying the same old admin and root combos. I just set up fail2ban to automatically block those IPs after a few tries, it cuts down on the noise.
1
max_schmidt771mo ago
I run a honeypot on port 22 and get over 500 hits a day. Fail2ban and key only login saved my sanity.
2