21
Warning: My home server got hit with a weird SSH brute force attack that took 3 days to fully lock down.
I kept seeing the common advice to just change the default port, but the logs showed thousands of attempts from random IPs even after I did that. I ended up having to set up fail2ban, configure geo-blocking for entire regions, and finally move to key-based auth only, which was way more involved than any guide made it sound. Has anyone else found that basic port changing is basically useless now against these botnets?
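As an added example (not part of the original post, and not fail2ban's own code): a simplified model of the per-IP threshold that fail2ban's `maxretry` and `findtime` settings express, run over constructed sshd log lines. The function name, hostname, users and IP addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd auth-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Mar  3 02:14:01 homesrv sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 02:14:03 homesrv sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40118 ssh2
Mar  3 02:14:06 homesrv sshd[813]: Failed password for root from 203.0.113.5 port 40125 ssh2
Mar  3 02:15:10 homesrv sshd[820]: Failed password for invalid user test from 198.51.100.7 port 51230 ssh2
Mar  3 02:16:40 homesrv sshd[825]: Failed password for root from 198.51.100.8 port 51900 ssh2
Mar  3 02:18:02 homesrv sshd[830]: Failed password for invalid user pi from 198.51.100.9 port 33010 ssh2
Mar  3 02:19:00 homesrv sshd[840]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

# Matches failed password attempts; the "port" in these lines is the client's source port.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2024):
    """Return (banned_ips, unbanned_failures) using a per-IP sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside findtime
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        # syslog timestamps carry no year; one is assumed here for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned.append(m["ip"])
    # Failures from addresses that never crossed the per-IP threshold.
    unbanned_failures = sum(len(w) for ip, w in recent.items() if ip not in banned)
    return banned, unbanned_failures

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

On the sample, the one address that retries quickly is banned, while three addresses that each try once stay under the threshold; those remaining attempts are the ones that disabling password authentication addresses.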
2 comments
the_james 2d ago
Watched a buddy go through the same thing last month. He changed the port and the bots just found it again in a few hours. It really does feel like that old trick is completely broken now.
2
spencer_ross 1d ago
A few hours? That's just insane.
3