Lot of words to write about something that has been happening for literally decades. You'll learn to ignore it like everyone else and just move on. Or even better, set up fail2ban with the recidive jail to at least reduce the size of your daily server report email.
I found it interesting. The part about the scripts trying "sheep" as the username was new to me. Not everybody knows everything, so it's nice to read a little article about new things.
I found it interesting but a honeypot would have been interesting -- how long do they spend trying passwords for example.
And what are the passwords? And what percentage of IP addresses respond to those usernames and passwords?
The article linked at the top of TFA has all that sort of thing in it https://arman-bd.hashnode.dev/i-left-port-22-open-on-the-int...
Behind a Cloudflare block, not worth the fight.
Did you need to fight to pass the captcha? It let me in just fine.
It's a magnificent article, it's well worth it.
I recommend https://johannes.truschnigg.info/writing/2025-02-simple_effe... as an (imo) better approach than fail2ban parsing your logs to deal with the problem.
Often enough to switch to a different port to drastically cut down the noise; most bots probe the defaults.
Or use IPv6 - they'll never guess the address.
xkcd 10000
I got tired of dealing with SSH knocks and blocked the port for all external IPs, using WireGuard to get into the LAN.
WireGuard is nice because, unlike most other services, it operates on UDP and sends no reply packet unless you know the key, so attackers can't discover it by portscanning.
Unless all your other ports are sending reject packets.
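An added example, not written by any commenter in this thread, showing the setup the last three comments describe: SSH reachable only through the tunnel, and closed ports dropped rather than rejected so the WireGuard port does not stand out by being the only silent one. The port 51820, the interface name `wg0` and the table name are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed values: WireGuard ListenPort 51820, tunnel interface wg0.

table inet filter {
    chain input {
        # Default policy drop: a probe to a closed port gets no answer at all,
        # which is the same thing an unauthenticated packet to WireGuard gets.
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # ICMP/ICMPv6 kept for path MTU discovery and IPv6 neighbour discovery.
        meta l4proto { icmp, ipv6-icmp } accept

        # WireGuard listener, open to the internet. It stays silent unless
        # the sender's handshake is made with a key it knows.
        udp dport 51820 accept

        # SSH only from inside the tunnel; port 22 is never exposed externally.
        iifname "wg0" tcp dport 22 accept

        # Weak variant (the case the last comment points out). Ending the
        # chain with an explicit reject makes every closed UDP port answer
        # with ICMP port-unreachable, so the one port that stays silent is
        # identifiable as a listening service:
        #
        #   reject with icmpx type port-unreachable
        #
        # A host with no firewall behaves the same way, because the kernel
        # answers closed UDP ports with port-unreachable by default.
    }
}
```

After loading, `nft list ruleset` shows the active rules; check that the chain ends without a `reject` statement.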