30
My home server got hit with a weird login attempt from Brazil last night
I saw the alert in my logs around 2 AM, and it was trying a bunch of common usernames like 'admin' and 'root'. I just shut down the port forwarding rule I had set up for remote access. Has anyone else had this happen and found a better way to keep an eye on things?
3 comments
Log in to join the discussion
Log In3 Comments
adamw1519d ago
Welcome to the club, my server logs look like a failed UN summit. Had a bot from Russia try 'password' as the root password for six hours straight. Setting up fail2ban was a game changer, it auto-blocks those clowns after a few tries. What are you running on that server anyway?
2
ben_fisher19d ago
Honestly, shutting down the port forward was the right move, that's your first line of defense. Ngl, my logs look like a world tour some days, with script kiddies trying the same old admin and root combos. I just set up fail2ban to automatically block those IPs after a few tries, it cuts down on the noise.
1
max_schmidt7719d ago
I run a honeypot on port 22 and get over 500 hits a day. Fail2ban and key only login saved my sanity.
2