SSH Attacks from China
Thursday, September 10, 2020
This is a bit of a shorter post, but I want to share the ridiculousness of last night.
Yesterday my friend, David, called me up and asked if I could help him with setting up a VPS. He had been having some trouble updating the Arch install (yes, Arch Linux on a server, calm down) because of the new Zstandard package compression. For some reason, the “daily” build of Arch was outdated, running the 4.1 kernel…
It was a bit of a pain to upgrade, and it involved a bit of hacking, but we managed to fully upgrade the system after an hour of messing around. Unfortunately for us, Arch being Arch, the install managed to break, and in the end, we decided it wasn't worth the effort to fix, so we decided to reinitialize the server with a CentOS image.
I remoted into the machine and ran a full system upgrade, which went flawlessly. I then instructed David to SSH into the VPS so we could work together, but to our surprise, there had been 40 failed login attempts. I started dying of laughter because this machine had only been online for five minutes, and someone was already trying to break in. David had a similar reaction, but he was a bit more nervous.
I was quick to check journalctl to see what was going on, only to be greeted by a log flooded with failed authentication attempts. I checked the IP geolocations, and of course, they were from China. I started hysterically laughing at this point. There was nothing we could do besides block the IPs. Nonetheless, we were in disbelief that it took less than five minutes before the first brute force attacks. It made me wonder if my server had been attacked.
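The triage described above (dump the sshd journal, count failed logins per source address, then block the offenders) as an added example; this is not code from the original post. It assumes a CentOS box whose SSH unit is `sshd.service` and whose firewall is firewalld, so the block commands it emits use `firewall-cmd` rich rules. The journal lines below are constructed for the example, in the shape sshd logs them, not the author's real log. The script only prints the block commands; running them is left to the operator.

```python
import re
import sys
from collections import Counter

# Constructed sample of what `journalctl -u sshd --no-pager` prints on CentOS.
# These lines are made up for the example (documentation IP ranges), not a real log.
SAMPLE_JOURNAL = """\
Sep 10 02:13:41 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51342 ssh2
Sep 10 02:13:44 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51342 ssh2
Sep 10 02:13:47 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51350 ssh2
Sep 10 02:13:49 vps sshd[1205]: Invalid user oracle from 198.51.100.23 port 40212
Sep 10 02:13:50 vps sshd[1205]: Failed password for invalid user oracle from 198.51.100.23 port 40212 ssh2
Sep 10 02:14:02 vps sshd[1207]: Accepted publickey for david from 192.0.2.10 port 55000 ssh2
Sep 10 02:14:10 vps sshd[1209]: Failed password for invalid user test from 203.0.113.7 port 51360 ssh2
"""

# sshd logs both "Failed password for root from X" and
# "Failed password for invalid user admin from X"; capture user and IP from either.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def failed_logins(journal_text):
    """Parse journal text and return (per-IP failure counts, per-IP set of usernames tried)."""
    per_ip = Counter()
    users_by_ip = {}
    for line in journal_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins, "Invalid user" pre-auth notices, etc. are skipped
        ip, user = m.group("ip"), m.group("user")
        per_ip[ip] += 1
        users_by_ip.setdefault(ip, set()).add(user)
    return per_ip, users_by_ip


def block_commands(per_ip, threshold=3):
    """Return firewalld rich-rule commands for every IP with >= threshold failures.

    The commands are returned as strings, not executed; the caller decides.
    """
    cmds = []
    for ip, count in per_ip.most_common():
        if count < threshold:
            break  # most_common() is sorted, so nothing below this line qualifies
        family = "ipv6" if ":" in ip else "ipv4"
        cmds.append(
            "firewall-cmd --permanent --add-rich-rule="
            f"'rule family=\"{family}\" source address=\"{ip}\" drop'"
        )
    if cmds:
        cmds.append("firewall-cmd --reload")
    return cmds


def main():
    # Read piped journal output if present, otherwise fall back to the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_JOURNAL
    per_ip, users_by_ip = failed_logins(text)
    print(f"{sum(per_ip.values())} failed password attempts from {len(per_ip)} source IPs")
    for ip, count in per_ip.most_common():
        print(f"  {ip:>15}  {count:4d} failures  users tried: {', '.join(sorted(users_by_ip[ip]))}")
    for cmd in block_commands(per_ip):
        print(cmd)


if __name__ == "__main__":
    main()
```

On the live box the same parser runs over the real journal with `journalctl -u sshd --since "-1h" --no-pager | python3 sshd_failed.py` (script name assumed). Blocking by IP is a stopgap, since the next scanner comes from a different address within minutes; the durable fix is disabling password authentication entirely.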
I opened up an SSH connection to my server to check journalctl, and I was in shock to see I had been attacked as well! I don't understand why I was shocked. I expected this to happen, and I knew it was only a matter of time before this occurred. Quite frankly, seeing that I had set up SSH securely on my server made me happy. On the other hand, seeing my server get attacked let it sink in that the internet is a very dangerous place.
But hey, not many people can say they've been cyberattacked by the Chinese ツ