On Thu 08 Jan 2015 at 22:53:45 +0200, Danny wrote:

> However, as soon as my network was up and running I got attacked ...
> here is an excerpt of one of the fail2ban mails ...
> 
> ###################################################################################################
> The IP 204.12.241.227 has just been banned by Fail2Ban after
> 3 attempts against ssh.
> 
> Jan  8 04:23:15 fever sshd[17406]: Connection from 204.12.241.227 port 38090 on 10.0.0.5 port 22
> Jan  8 04:23:17 fever sshd[17406]: Invalid user zhangyan from 204.12.241.227
> Jan  8 04:23:17 fever sshd[17406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.12.241.227
> Jan  8 04:23:20 fever sshd[17406]: Failed password for invalid user zhangyan from 204.12.241.227 port 38090 ssh2
> Jan  8 04:23:20 fever sshd[17406]: Received disconnect from 204.12.241.227: 11: Bye Bye [preauth]
> Jan  8 04:23:20 fever sshd[17408]: Connection from 204.12.241.227 port 39800 on 10.0.0.5 port 22
> Jan  8 04:23:22 fever sshd[17408]: Invalid user dff from 204.12.241.227
> Jan  8 04:23:23 fever sshd[17408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.12.241.227
> Jan  8 04:23:24 fever sshd[17408]: Failed password for invalid user dff from 204.12.241.227 port 39800 ssh2
> ###################################################################################################
> 
> What is interesting to me is the user in the above excerpt "zhangyan" ...
> By using a username that is unfamiliar to the western world tells me that
> whatever is on my system had to respond to this username otherwise why would
> this guy use a username that only he is familiar with ... Other usernames that
> were used: 3D, ssht and ftfl ... Also, attempts were made from China,
> Hong Kong, Belgium and Canada ...

You have completely failed to understand what fail2ban is telling you.

> Anyway, I have decided to get new hardware and do a clean install of
> everything ... as many of you have suggested ...

It was heading that way so it is probably best for you.

> However, as I fly a lot internationally, is there a way I can temporarily
> block these countries' IPs for a few days at most until I have enough time on
> hand to do a fresh install ...

What has flying got to do with it?

> Currently my iptables looks like this ...

If you have resorted to using iptables you have lost it. A standard
Debian install doesn't need it.


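Added example, not part of the original thread: a small Python reader for the sshd lines in the quoted fail2ban mail. It separates guesses at names that have no account (sshd's "invalid user") from failures against existing accounts and from successful logins. The regular expressions and function names are simplified ones written for this example, not fail2ban's own filter.

```python
import re
from collections import defaultdict

# Log lines taken from the fail2ban mail quoted above, with mail line-wrapping undone.
SAMPLE_LOG = """\
Jan  8 04:23:15 fever sshd[17406]: Connection from 204.12.241.227 port 38090 on 10.0.0.5 port 22
Jan  8 04:23:17 fever sshd[17406]: Invalid user zhangyan from 204.12.241.227
Jan  8 04:23:17 fever sshd[17406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.12.241.227
Jan  8 04:23:20 fever sshd[17406]: Failed password for invalid user zhangyan from 204.12.241.227 port 38090 ssh2
Jan  8 04:23:20 fever sshd[17406]: Received disconnect from 204.12.241.227: 11: Bye Bye [preauth]
Jan  8 04:23:20 fever sshd[17408]: Connection from 204.12.241.227 port 39800 on 10.0.0.5 port 22
Jan  8 04:23:22 fever sshd[17408]: Invalid user dff from 204.12.241.227
Jan  8 04:23:23 fever sshd[17408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.12.241.227
Jan  8 04:23:24 fever sshd[17408]: Failed password for invalid user dff from 204.12.241.227 port 39800 ssh2
"""

# Simplified patterns written for this example; they are not fail2ban's own filter.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

def summarize(log_text):
    """Per source IP: failed attempts, names guessed, and any successful logins."""
    stats = defaultdict(lambda: {"failed": 0, "no_such_account": set(),
                                 "existing_account": set(), "accepted": []})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            invalid, user, ip = m.groups()
            stats[ip]["failed"] += 1
            # "invalid user" is sshd reporting that the name matched no local account.
            stats[ip]["no_such_account" if invalid else "existing_account"].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            user, ip = m.groups()
            stats[ip]["accepted"].append(user)
    return dict(stats)

def needs_attention(stats):
    """IPs that failed and also logged in, or that guessed an existing account name."""
    return sorted(ip for ip, s in stats.items()
                  if (s["failed"] and s["accepted"]) or s["existing_account"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, s in result.items():
        print(ip, s)
    print("needs attention:", needs_attention(result))
```

On the excerpt above, every failure is against a name sshd reports as having no account, and there is no `Accepted` line from the banned address.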