
My tiny little HTTP proxy server is enduring attacks from the past few days. The scripts which extract abusive IPs from logs are having difficulty running as these millions of requests are generating gigabytes of logs. Updated logrotate from daily to hourly, which helped reduce the current log size, and it is still running 😪

@dsoft
Are these Chinese IPs? Why don't you use something like Cloudflare?

@Mawoka
Most blocked ones are from US, France and Germany. I was surprised too.

I'll check out Cloudflare. Thank you! 😃

@dsoft
On my server, I had like 20 ssh-login-tries per minute, but only from Chinese IPs

@Mawoka
Just checked. This is the top country distribution of abusive IPs:
62 US
14 FR
14 RU
11 NL
3 CA
3 DE

@Mawoka
Oh gosh! That is even scary.
I should monitor my ssh login logs.

@dsoft
Simply change the port. That solves everything. Mine is running on 28 and no requests AT ALL

@dsoft
No problem! By the way: did you disable root-login, password-login and force a newer TLS-Version?

@Mawoka
Yes, this proxy server has the TLS login enabled but my home server still uses password based. But I limited login retries per minute on it to prevent brute force attacks.
