Cat /var/log/fail2ban.log 30 minutes after installation

>cat /var/log/fail2ban.log 30 minutes after installation.
>literally thousands of IPs already
>geoip says >85% are chinese

This is why we can't have nice things.

China has ~18% of population but represents 85% of your traffic.

That means Chinese citizens are nearly 5x more tech savvy than the average global citizen!

Amazing.

just use keys, but also iptables to block gooks, poo in loos and other undesirables.

Kill yourself, shit for brains.

Set up a honey pot

or just disable root ssh login. What is the chance they will guess both username and password even with thousands of guesses per hour :^)

Don't save thumbnails.

Not them but I do both. Keys only, no root login.

SSH root login is disabled. My user account uses an SSH key.

Thanks.

If I cared enough I could implement geoip based carpet bans.

When I set up some software like that I got hit by a user bot.

It tried to access a url like,

"www.something.com/user_was_here_fag"

And then it left like the beautiful butterfly that it was.

Don't u have NAT?

well, at least it is some legit botnet mentioned on Sup Forums

>What is the chance they will guess both username and password
Your username is not meant to be secret, just use a strong password, or better yet, use public key auth (and encrypt your priv key with a strong password). But yep, enabling root login is idiotic.

Install a honey pot and get some voyeuristic pleasure from reading their logs as they slowly work out that they're not in a true shell.

apt-get install kippo

>not using iptables to block everyone except your ip's (and cloudflare ips if you're running a website)

Honeypots are fairly easy to identify, you'd only get botnets and script kiddies. If it's a good blackhat the only reason he's in your honeypot is if he will try to break out of it and get in your network as a challenge and try to exploit it. Or your honeypot will get used in some botnet for ddosing if you leave some networking open.

>chinese block access to news sites which talk shit about china
>they do literally nothing to stop chinese """""""""""hackers""""""""""""", gold farmers and other menaces

this is why you never entrust technology with braindead politicians.

One of the first things I do after setting up a server is blocking most of china's IP ranges in iptables, at least for SSH and such.

Or that chines are fucking subhuman skiddies.

>ip changes one day
>you're fucked

>using ssh on the default port

Why would they protect foreigners from Chinese hackers? Censorship is for local benefit.

have a cheap vps that costs $10 a year, you can ssh through that when your ip changes.

But then how do you protect the cheap VPS against Chinese IPs?

>not using ssh on the default port
>security through obscurity
>chinks still knocking to the new port 24/7

you'd be surprised how many chinks it stops
i get one request a week at best

Dumb question, but if you only allow login with an SSH key, you would have absolutely 0 risk of getting hacked, is that right? (except if your private key gets stolen of course)

same as your main server, except this one has a web console you can log in to to set your new ip

But then the chinks could hack into your web console and set their own IP. It's a lose-lose game.

Move ssh a few ports.
Everything automated won't even try.

>the chinks could hack into your web console
you get an email every time someone logs in

>hosting your SSH server on port 22
It's like you enjoy wasting resources with all these login attempts.

By the time you get the mail it's already too late; they've already gained access. Plus nothing prevents them from hacking your e-mail.

stfu faggot. nobody is hacking vps account they don't even know the username to, or random email addresses.

the bottom line is nobody can even connect to my servers aside from me.

>nobody is hacking vps account they don't even know the username to, or random email addresses.

I think you're being the faggot here. You're creating layer upon layer of useless crap, while your only defense is "nobody can hack you if they don't know your username or password". Well guess what, this applies to your main server too...

>2017
>not using port knocking to open a non-standard ssh port in your firewall to only the ip address that the knocks came from
ishygddt