Comments
It could be that most of them are still using Windows XP and they are infected with a botnet.
Change your SSH port and add something like Fail2Ban
Still, why China?? For years, all attempts to gain access to my servers came from China's IPs.
And don't use password logins.
All my servers don't use port 22 for SSH. The server in the screenshot is an online.net dedi and I installed the OS less than 24 hours ago. I started setting it up a few minutes ago.
But still, why did all attempts come from China? I wish to see some from the US or maybe Russia or any country except China LOL.
Many theories. I like the XP theory. It's no secret that China and brute force go well together.
Change to SSH Key auth and they will stop instantly.
Seems a lot of the Chinese brute forcers target all the online.net IP range; probably as online.net is generally dedis and not VPSes, so getting into one means potentially massive payoff.
'Cause China is showing you some love.
Disabling root login is also a good idea.
Got like 100k once on a server of mine
If you're still using the root account and the default port 22, I'd try too. And I'm not a headless botnet.
Because many people live there?
I'm on 22. Have fun!
I know... China just doesn't like you.
What XP vulnerability is exploited to run these bots? Are the last patches able to resolve them?
No, XP is not supported by anyone - no one should be using it! XP is older than Ubuntu 1.0!
Botnets not only exist with Chinese IPs, but there are backdoors in any Chinese products like the 1+1 phone and Huawei. I really recommend you stay away from any Chinese products.
Designed by Apple in California, made in... China
If you want bots attacking you from different countries, host a WordPress blog. I get attacks from Ukraine, Russia, USA, China, South Korea and Taiwan.
Not China, also OVH and that crap; it comes from everywhere.
Are you serious? I am a big fan of 1+1.
This is what I need... LOL
Every IP I've found attempting to brute force a server has been from China. China is also the #1 source for blog spam and other fun stuff.
Chinese traffic isn't valuable to me at all, on any of my sites, I'm considering just blacklisting every major Chinese IP range. All the normal Chinese internet users (read: not bots) just VPN through the great firewall into another country anyways..
You should leave your home, friends and possibly everything asap!
PS: How the hell do you put a backdoor in CyanogenMod?
I'm curious about this also. All brute-force attacks on my VPS came from China IPs.
No. That is completely uneducated, never recommend doing that.
https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/
China has the largest user base of Windows XP (mostly illegal versions) and other legacy software. Statistically, China is home to the largest population of script kiddies and technologically uneducated users. Hence, logically most attacks will come from Chinese IP ranges.
No, actually the guy who wrote that article is completely educated and quite wrong.
http://lowendtalk.com/discussion/comment/576972/#Comment_576972
I am Chinese.
In China, many people use illegal copies of OSes, and many of them still stay on XP.
They are easily controlled by hackers, and then attack your VPS.
Yes, I am Chinese, too.
If you really want to stop them, just deny all China IP ranges access to your SSH port, problem solved.