My tiny little HTTP proxy server has been enduring attacks for the past few days. The scripts which extract abusive IPs from logs are having difficulty running as these millions of requests are generating gigabytes of logs. Updated logrotate from daily to hourly, which helped reduce the current log size, and it is still running 😪

Are these Chinese IPs? Why don't you use something like Cloudflare?

Most blocked ones are from US, France and Germany. I was surprised too.

I'll check out Cloudflare. Thank you! 😃

On my server, I had like 20 ssh-login-tries per minute, but only from Chinese IPs

Just checked. This is the top country distribution of abusive IPs:
62 US
14 FR
14 RU
11 NL
3 CA
3 DE

Oh gosh! That is even scary.
I should monitor my ssh login logs.

Simply change the port. That solves everything. Mine is running on 28 and no requests AT ALL

No problem! By the way: did you disable root-login, password-login and force a newer TLS-Version?

Yes, this proxy server has the TLS login enabled but my home server still uses password-based. But I limited login retries per minute on it to prevent brute force attacks.
