Hey /g/.
My Linux showed that my machine has established an SSH connection with an Chinese address. What the fuck?
Is my machine hacked?
How to I stop that?
congratulations on installing Brave, enjoy
>>61619069
Bitcoin mining zombie.
Re-image
fail2ban
sshkeys
/thread
>>61619069
>How to I stop that?
1. install fail2ban
2. set ssh port to something nonstandard (and remember it)
irt: IRT-CU-CN
address: No.21,Jin-Rong Street
address: Beijing,100140
address: P.R.China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH1302-AP
tech-c: CH1302-AP
auth: # Filtered
mnt-by: MAINT-CNCGROUP
changed: [email protected] 20101110
changed: [email protected] 20101116
source: APNIC
person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: [email protected]
address: No.21,Jin-Rong Street
address: Beijing,100033
address: P.R.China
phone: +86-10-66259764
fax-no: +86-10-66259764
country: CN
changed: [email protected] 20090408
mnt-by: MAINT-CNCGROUP
source: APNIC
person: Kong Lingfei
nic-hdl: KL984-AP
e-mail: [email protected]
address: 45, Guang An Street, Shi Jiazhuang City, HeBei Province,050011,CN
phone: +86-311-86681601
fax-no: +86-311-86689210
country: cn
changed: [email protected] 20090206
mnt-by: MAINT-CNCGROUP-HE
source: APNIC
% Information related to '221.192.0.0/14AS4837'
route: 221.192.0.0/14
descr: CNC Group CHINA169 Hebei Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: [email protected] 20060118
source: APNIC
for fucks sake.After I installed fail2ban and changed the password more Chinese IPs started popping up. Am I fucked?
>>61619248
you are part of a game show, many of my friends laugh you at dinner time
>>61619248
why are you still connected to the internet?
>>61619267
I don't have a camera nor a microphone
>>61619317
I moved to my phone and changed IP to mobile.
>>61619326
congrats now they have your phone.
>>61619359
I don't have my number in this phone.
Also, I had port fotwarding on ssh opened. Silly me.
Chinese IPs and others will scan the internet for SSH. Just because they connect to the service doesn't mean they actually authenticate but if you have root login enabled they will brute force passwords
>>61619434
Motherfuckers.
>>61619069
nuke your pcsudo dd if=/dev/null of=/dev/sda
Hey guys what are we talking about in this thread?
>>61619921
Chinks proving that they're the most cancerous folk.
>>61619069
chinamen are looking to sneak in your backdoor and leave you with a little somethin somethin that you will never be able to get rid of
>>61620128
Fuck them! I'm installing Tomato on my router tomorrow!