daily reminder to avoid public wi-fi hotspots as much as possible

You are currently reading a thread in /g/ - Technology

Thread replies: 68
Thread images: 7
daily reminder to avoid public wi-fi hotspots as much as possible
>>
>>54509832
Windows doesn't have this problem.
>>
>>54509832
iPhone doesn't have this problem.
>>
File: AbeOik6.jpg (3 KB, 160x160)
>>54509877
>>54509895
>>
Daily reminder to avoid shitnux
>>
Daily reminder to not have any firewall ports open and use a vpn with local network access disabled. Public wifi 101 da fuck
>>
>>54509992
it is "I can get cancer cured without chemo OS"

>>54510024
Yup, I fucked up, but nothing happened luckily. Actually I noticed looking for something else in the events because my USB drives are acting up so even more lucky because my password is fairly simple. I sure showed them though, pic related.
>>
good thing i avoid going outside at all then
>>
>>54509832
What's happening here? Clearly it's a server log - are you saying you used a Wi-Fi hotspot to access your ssh server, and now someone else is trying to access your ssh server?
>>
>>54512061
Nope, it's the Console (log) of my MacBook.

I'm currently staying in a hostel and I'm using their Wi-Fi. Someone has been trying to brute force my SSH login, and thankfully I was checking my system logs for other things and I saw it.

I simply disabled the SSH service (and pretty much all other networking services) and it's all solved.

Just be careful with public hotspots, as you can see in the picture there are quite a bit of computers connected, and this place is pretty fucking shady (can't wait to gtfo) so yeah...
>>
>>54509832
>>54513206
>they're just bruteforcing root
why are you worried? are you trying to say OS X actually allows root logins over ssh?
>>
>>54513286
>>they're just bruteforcing root
>why are you worried?
Why wouldn't I be worried?

Would you not be worried if you walked into your room and saw someone trying to open your safe regardless of how secure that safe is?
>>
>>54513370
Because logging in as root should be disabled.
>>
>>54510024
>Daily reminder to not have any firewall ports open and use a vpn with local network access disabled. Public wifi 101 da fuck
Public WiFi 101 is to not use Public WiFi
>>
>>54513429
And it is, but again, it's worrying that someone is trying to be a hax0r (a shitty one but still) in the only network I can use at the moment.

Again, it's not that they could, because they can't, it's that they're trying.
>>
>Daily reminder to disable password login over ssh.
>>
>>54513520
Are you aware that literal botnets are bruteforcing ssh servers constantly?
>>
>>54513866
I am now, I guess.
>>
>>54514003
>neo-/g/
>>
There are infected machines brute forcing SSH root passwords so this isn't exactly rare and you're not special. Just configure SSH to only take RSA keys.
>>
>>54514557
>rsa
>not ed25519
>>
>>54513206
bitch
>>
>>54514636
you more so
>>
File: pirates.webm (3 MB, 480x360)
I'm in DMZ everyday of my life. Pirates don't scare me.
>>
>>54510064
I'm pretty sure you can do this and it shows up in the logs:
echo "Fuck you faggot" > /dev/tcp/183.3.202.113/22
>>
>>54514888
hmm I don't know if it would show up in some log in Linux but in OS X
echo "allahu akbar" > /dev/tcp/127.0.0.1/22

yields

12/05/2016 21:22:11.358 com.apple.xpc.launchd[1]: (com.openssh.sshd.1943]) Service exited with abnormal code: 255

:( I want into script kiddie
>>
>>54509832
>leaving SSH on the default port
>leaving password authentication enabled
>mac
It's like you're retarded in every possible way.
>>
>>54515406
>>leaving SSH on the default port
That's stupid to change it. It doesn't improve security.
>>leaving password authentication enabled
Depends on the passwords. If your users have no password, it will be just impossible to log in with a password, but pirates can still try.
>>
is it a bot doing this?
>>
>>54514557
>Just configure SSH to only take RSA keys
Nice try, NSA.
>>
>>54514872
RED ALERT! RAISE SHIELDS! USE MAGIC MUMBO JUMBO TO STOP THEM USING AN INVERSE FRACTAL 4TH DIMENSION ALGORITHM
>>
Serious question. Before this thread I didn't even know about console log. What are good sources for learning about UNIX security?
>>
>>54513206
>>54513370
>bruteforcing root
>worried
As long as your root password is 20+ alphanumerical characters long you can stay at that hostel for years and still be safe.
>>
>>54515753
passwd -d root
Like that no one can brute force your root password.
>>
>>54515778
>passwd -d root
Wouldn't that just make the password blank?

I mean, if someone were to forget the edge case and start bruteforcing from "a" and onwards, you might be safe.
>>
>>54515852
>Wouldn't that just make the password blank?
Not exactly. It removes the password. That's not the same thing as a blank password.
>>
>>54515753
SSH logins over root should be disabled anyway.

So an attacker needs to guess your username AND password.

Extra tip, enable RSA key login. Then they can brute force all they want.
>>
>>54513206
Well can u tell us which hostel and where?
>>
>>54515938
Of course not.

>Implying /g/ goes outside at all anyway. [1]

References:
[1]: >>54510153
>>
>>54515617
>That's stupid to change it. It doesn't improve security.
hur dur
Enjoy chinks wasting your fucking resources when they hammer your server 24/7.
>>
>>54516832
>One try every two seconds.
>resources
>>
>>54516844
>open SSH to the Internet for remote admin
>18k login attempts a day
>>
>>54516868
You don't have rules in your firewall to blacklist those who try to do 10 connections/s to your server?
Do you know how to manage a server?
>>
>>54516868
change the port
and sshguard or similar for this >>54516906
solves this depressing problem
>>
>>54516938
>change the port
No. That's stupid.
>>
>>54516947
it's actually very smart.
but you need other methods as well

hiding your door is very effective, but you still need a good lock and alarm system.
>>
>>54516947
>>54516938
>>54516906
>>54516868
>>54516844

>password login
>ssh
>>
>>54516975
>it's actually very smart.
one word: RETARD
>>
>>54516990
key login is only a good method if you always connect from the same machine

>>54516998
muted
>>
>>54517008
Machine(s). I've got like, what, 5 that i use regularly? If you need to push your keys up more often then you need some devops in your life.
>>
Today I realized I accidentally left my ssh server on in my laptop for months.
>sweat pouring over my face
>>
>>54509832
Are you retarded?

so you're mad because your system is working as intended?
>>
>>54516906
>wasting resources on a blacklist instead of not needing one in the first place
You sure showed those ching chongs.
>>
>>54517008
just keep your key on an encrypted flash drive you fucking mug
treat it like a house key, any time you let it out of your sight you change the locks
>>
>>54516906
why bother?

your shitty OS will still need to handle the connection, whether it is firewall blocked or not.
>>
>>54517170
I don't want to carry a flash drive with me at all times. It can also break. It's also a hassle.
>>
>>54515356
>>54514888
Shit lrn2netcat ffs
>>
>>54513206
why do you leave unnecessary services running? what do you ssh from into your laptop? sounds stupid.

>>54514003
try leaving a public facing ssh running, log will fill your hard drive.

>>54515617
>It doesn't improve security.
the bots aren't compromising your security. it won't increase security but it will stop lazy bots which is what you are moaning about
>>
>>54517169
>>54517176
They will stop attacking your machine if they see that they're blacklisted. I know it, it happened to me too. I had to allow password connection, so I watch my logs carefully and set autoban rules.
>>
>>54517251
>why do you leave unnecessary services running? what do you ssh from into your laptop? sounds stupid.
streaming porn to my phone
>tfw not even joking
>>
>>54517255
even if they stop, what do a few 1000 random connects even matter?

if they could actually impact your resources, you would be being DoS'd at that point.
>>
File: 1458444442399.jpg (78 KB, 500x379)
>ufw rules reset every time I restart
I just enabled it in systemd and that looks like it did something. Would that be all it was?
>>
>>54516906
there are enough bruteforce bots that you still get hammered constantly if you ban them
>>
>>54515356
May 13 00:27:57 localhost sshd[2270]: Bad protocol version identification 'Testing testing' from 192.168.1.30 port 32500

That's what I get in my logs when doing that
>>
>>54517555
yeah I forgot to enable ssh before doing it lmao
>>
>>54514872
What episode is this from?
>>
>>54513206
>Not blocking ICMP echo response.
>>
>>54515649
>>54514610

Isn't ed25519 less secure than RSA?
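
Added example, not part of the thread: a small Python audit of an sshd_config for the settings posters recommend (root login off, password login off, key login on). The sample config is constructed, and the defaults table assumes OpenSSH 7.0 or later.

```python
# Values the thread recommends for each (real) sshd_config keyword.
WANTED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
}
# Value sshd uses when a keyword is absent (assumption: OpenSSH 7.0+).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Return the global value of each audited keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()                # keywords are case-insensitive
        value = parts[1].strip().strip('"').lower()
        if key == "match":
            break   # lines after Match are conditional, not global
        seen.setdefault(key, value)           # sshd keeps the first value
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}

def audit(config_text):
    """List 'keyword=value' pairs that differ from the recommended values."""
    eff = effective_settings(config_text)
    return sorted(f"{k}={v}" for k, v in eff.items() if v not in WANTED[k])

# Constructed sample: a commented-out directive, a duplicate keyword,
# and a Match block that does not change the global setting.
SAMPLE = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("weak setting:", finding)
```

On a live host, `sshd -T` prints the effective configuration, including Match handling that this sketch does not evaluate.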