Hacking

1780 readers

2 users here now

This is the community for all things hacking and cybersecurity, try keeping it legal. That said I don't take any responsibility for anything that happens/comes from this group but I will try being the best mod that I can to prevent anything from happening.

founded 4 years ago

MODERATORS

qarmah@lemmy.ml

Does brute-forcing SSH logins for random IPs have a reasonable chance of being profitable for the attackers? (mander.xyz)

submitted 2 years ago* (last edited 2 years ago) by Sal@mander.xyz to c/hacking@lemmy.ml

2 comments fedilink hide all child comments

I was looking at my /var/log/auth.log in my personal computer and VPS, and I can see thousands of failed SSH attempts over the past few days. Looking at the attempted logins, I suppose that someone is using a database and trying out common default username/password combinations to attack random IP addresses. I also see that they try this for many different ports.

This approach of attack appears to me to be very very very unlikely to return anything of value. They may as well just try generating bitcoin private keys randomly until they find a wallet with something in it.

Are these 'hackers' just playing the lottery and wasting their resources? Or is this a strategy that somehow works reasonably often?

top 2 comments

sorted by: hot top controversial new old

[–] xvf@lemmy.ml 9 points 2 years ago (1 children)

It probably works, it doesn't take much to scan the internet for an uncofigured or misconfigured server.

You should move your ssh server to another port. Once you do that you won't see your logs getting spammed by random attempts.

[–] Sal@mander.xyz 4 points 2 years ago* (last edited 2 years ago)

Ok, thanks! I have changed the port and disabled password logins.