brute force still going strong

While setting up this blog I was looking through my little VMs scattered around different cloud providers to find one which could serve as the A record for steinn.org and redirect traffic to steinnes.github.io. I logged on to one of my DigitalOcean droplets that I hadn't used in a while, so I was slightly surprised to see more than 100k lines in /var/log/auth.log.

I remember being a teenager and attempting to get access to random systems I stumbled across on the internet. I'm not going to lie, sometimes I'd get in, but the fear of being discovered was more than enough to keep me from any overt connection attempts and, if I was lucky enough to gain access, to make sure no damage was done.

I have the distinct feeling something has changed since the late '90s, when I was pretty much convinced that brute force attacks were just a stupid way to get caught.

Here’s a little iptables snippet if you’re wondering how I made my auth.log file stop growing:

iptables -F  # flush the existing rules (the chain policies stay ACCEPT, so the last rule below does the blocking)

iptables -A INPUT -i lo -j ACCEPT  # keep loopback open, otherwise anything talking to 127.0.0.1 (local DNS, a database bound to localhost) gets rejected by the last rule

iptables -A INPUT -p tcp -s your-ip/32 --destination-port 22 -j ACCEPT  # SSH only from your own address

iptables -A INPUT -p tcp -s 0.0.0.0/0 --destination-port 80 -j ACCEPT   # HTTP from anywhere
iptables -A INPUT -p tcp -s 0.0.0.0/0 --destination-port 443 -j ACCEPT  # HTTPS from anywhere

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  # packets belonging to connections already accepted or opened by this host

iptables -A INPUT -j REJECT  # reject everything else (run the same rules through ip6tables if the droplet has an IPv6 address)
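If you want to see who was filling the log before closing the port, here is a small Python script, added as an example and not part of the original post, that counts "Failed password" events per source address in the standard OpenSSH syslog format and turns the worst offenders into iptables DROP rules. The sample log lines are constructed (documentation addresses, made-up hostname and PIDs), not copied from a real droplet.

```python
import re
from collections import Counter

# Constructed sample of sshd lines in the Debian/Ubuntu /var/log/auth.log
# format; not real log data.
SAMPLE_AUTH_LOG = """\
Mar  3 04:12:01 droplet sshd[2411]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 04:12:03 droplet sshd[2411]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 04:12:05 droplet sshd[2413]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Mar  3 04:12:06 droplet sshd[2415]: Invalid user oracle from 198.51.100.42 port 40011
Mar  3 04:12:07 droplet sshd[2415]: Failed password for invalid user oracle from 198.51.100.42 port 40011 ssh2
Mar  3 04:13:10 droplet sshd[2420]: Accepted publickey for steinn from 192.0.2.10 port 53000 ssh2: RSA SHA256:constructed
Mar  3 04:14:00 droplet sshd[2422]: Failed password for root from 203.0.113.7 port 51100 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

def failed_logins_by_ip(log_text):
    """Count 'Failed password' events per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def brute_force_sources(log_text, threshold=3):
    """Return (ip, count) for sources with at least `threshold` failures, busiest first."""
    counts = failed_logins_by_ip(log_text)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

def block_rules(log_text, threshold=3):
    """One iptables DROP rule per flagged source, inserted ahead of the ACCEPT rules."""
    return [f"iptables -I INPUT -s {ip}/32 -j DROP" for ip, _ in brute_force_sources(log_text, threshold)]

if __name__ == "__main__":
    for ip, n in brute_force_sources(SAMPLE_AUTH_LOG):
        print(f"{ip}: {n} failed logins")
    for rule in block_rules(SAMPLE_AUTH_LOG):
        print(rule)
```

On a real box, read the file instead of the sample (`failed_logins_by_ip(open("/var/log/auth.log").read())`); the threshold is a judgement call, since a single typo from your own address should not get you locked out.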
