On Tue, May 10, 2022 at 06:39:36PM -0700, Keith Lofstrom wrote: > Be careful what you write about powerful men, especially > on the public PLUG lists. I wasn't careful yesterday. > > My external server is getting dozens of login attempts per > minute from an IP address associated with digitalocean. > More than 10,000 so far, for at least 10 hours. I hope > I took the right steps to block the attempts. > > If you have a virtual server at digitalocean, let's talk > about IP addresses. You might need security help more > than I do.
I double counted - before I blocked the attacks with an iptables rule, there were 14238 failed root password attempts from ip address 167.71.228.234 Over the last week, there have been five other attacks from other digitalocean ip addresses, ranging from 200 to 2050 attempts. Perhaps other attacks before that, but I'd need to look at backups. Six other largish attacks, two from China, one from a Microsoft IP address. The biggest annoyance was the abuse reporting form at digitalocean, which I was told to use after I sent a complaint to the NOC address. Strict formatting, if you deviate from sequental entry it erases all the fields and you must start over. For example, it wants HH:MM for the time of abuse - it barfs if you enter an 18 hour time range. I finally wrote my own document and edited that, cutting and pasting and barfing until it stopped barfing. Some court cases have resulted in $40K-per-event awards for spam. I would appreciate getting $700M from Digital Ocean, but I would settle for a major policy change that results in few-to-no bot attacks and no stupid forms. ----- ON THE OTHER HAND, my Rimuhosting service provider has been VERY helpful, two informative "real human" support emails so far. I am migrating my virtual server from an ancient CENTOS instance to an Ubuntu instance, which will include fail2ban by default. Probably Ubuntu 20.04 LTS, but they are actively testing a 22.04 LTS image, "ready very soon". Rimuhosting headquarters are in New Zealand. I am hosted at their Dallas TX data center, with failover to Brisbane and London. I hope they set up a data center elsewhere in the US; if a job aborts in Texas I could be in trouble. :-/ Keith -- Keith Lofstrom [email protected]
