
I set up my home server with ddns so it's doing apache and

Thread replies: 19
Thread images: 1

I set up my home server with ddns so it's doing apache and ssh
Only thing is my fail2ban is working overtime banning Chinese ip's off ssh
is this just a normal thing for servers with ssh open or is it because I have a Xiaomi phone and Mi wifi repeaters?
>>
As soon as port 22 is open to the WAN either a chink or Russian bot is going to hammer it. Either geo-ban China or stop using password authentication for SSH.
>>
>>62216894
this. anybody with internet facing password authentication is asking for rectal distress these days
>>
Yeah that's pretty much normal. You can run SSH on a weird port to cut down the volume, but it'll still happen. Also if you disable password auth completely and only accept public-key then some portion of the bots will just throw up their hands and go away.
>>
Ok then, they do it because it's potentially lucrative? Like are they just hoping I have some bank account passwords on my server or something?

Also I was fairly sure that I have it set up with keys, I thought I was getting timeouts from external ip's
>>
>>62216818
Just change the ssh port you dumb nigger
>>
>>62216818
is that ethan?
>>
>>62217010
it's more like they run a botnet (like an actual botnet of compromised servers, not /g/'s meme botnet) and look for servers to add to it. What they do with the botnet varies but it's most commonly sending spam, or sometimes hosting the scammy websites that the spam advertises.
>>
>>62217010
>Also I was fairly sure that I have it set up with keys
default sshd config is to accept either a password or a key. Unless you edited the config to make keys the only permitted authentication method you're still accepting password tries.
>>
disable root login and enable keys only
>>
>>62217042
Interesting, wouldn't you notice the extra service(s) running and be able to shut it down, switch up keys and passwords all easy enough?
>>62217069
>>62217135
I'll check into it thanks
>>62217020
will do, thanks
>>
i work in networking and security and ive been called racist before for banning whole ip blocks from china

they constantly port crawl and ping request routers across the whole country

ive gotten 200+ requests a day which causes router logs to become GiB's worth of data and even overheating the device

im not bothered by the critique any more because those chinese bastards have no morals or empathy for the common man

fuck em and block them all OP

its also funny how the media paints the ultimate hackers as russian but 90% of the threats are from china because they manufacture the devices and have all of the processing power cheaply
>>
>>62216818
>banning chinese IPs

why haven't you dumped the entire IP block?
>>
Op setup openvpn instead and just use vpn to connect to your network. Setup pfsense as your router and you can use it as the openvpn server.
>>
There's really no need to geoblock unless you're using a meme tier password. There's no way in hell these bots are going to guess your password before fail2ban bans them
>>
>>62217010
you are still thinking in terms of the 90s hackers

now they want to get infected machines to build botnets for multiple uses

1. for more port scanners like the ones attacking you right now
2. crypto coin mining
3. IP hopping to hide their origins and incriminate you
4. mass of compromised computers for DDOSing
5. data mining to sell to 3rd parties
6. blackmail/monetary data
>>
>>62217431
>>62217372
Interesting, I'd like to hear more security related things
should I do CompTIA and SecA and all that jazz?
>>
>>62217814
start with basic networking with openwrt and pfsense

net+, CompTIA and SecA etc. are more for a cert to show you know your material
>>
>>62216818
Sadly this is a normal thing.
move the ssh port to literally anything other than 22. Problem solved.
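
Added example, not part of the thread: a small audit of sshd_config text for the point made in the replies above, that installing a key does not turn password logins off unless the config says so. The defaults table reflects upstream OpenSSH; the sample configs are constructed, and Include files and Match blocks are not evaluated.

```python
# Added example (not from the thread): audit sshd_config text for the
# password-guessing exposure discussed above. Include files are not followed.

# Upstream OpenSSH defaults, which apply when a keyword is absent or commented out.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}
# Older configs use the deprecated name for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global settings as sshd resolves them: first value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # everything after Match is conditional; out of scope here
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().strip('"').lower())
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return (keyword, reason) pairs for settings that keep guessing viable."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append(("PasswordAuthentication", "passwords are accepted"))
    if s["kbdinteractiveauthentication"] != "no":
        findings.append(("KbdInteractiveAuthentication", "keyboard-interactive can still prompt for a password"))
    if s["permitrootlogin"] != "no":
        findings.append(("PermitRootLogin", "root may log in: " + s["permitrootlogin"]))
    if s["pubkeyauthentication"] == "no":
        findings.append(("PubkeyAuthentication", "keys are disabled"))
    return findings

# Constructed samples: a key is enabled but the password lines are still commented out...
STOCK = "#PasswordAuthentication yes\n#PermitRootLogin prohibit-password\nPubkeyAuthentication yes\n"
# ...versus keys-only. The trailing duplicate is ignored because the first value wins.
HARDENED = ("PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "PermitRootLogin no\nPasswordAuthentication yes\n")
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, including any Include files, and is the authoritative check.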