Particularly at the university, I was setting up a GitLab box that wasn’t supposed to be externalized (didn’t realize at the time that LAN utilizes the public addresses instead of NAT). 90K SSH attacks in 3 days, vast majority from the East Asia area. Luckily none made it through. Learned my lesson (and firewalld) from that experience. Nearly had a panic attack from that (first time setting something up like that).
The above was from my naive days before I started getting more deeply involved in sysadmin and networking work. It’s still incredibly annoying to log in to systems with “There have been 173 failed login attempts since the last successful login.”
When I set up my first gateway/router server for the first time, I was truly shocked to see how much traffic comes in searching for vulnerabilities. I knew it happened, but the frequency was wholly unexpected. SSH requests for root, SMB traffic, etc. every second or so.
If you want to see something, install MySQL on an AWS EC2 (or any host for that matter), turn on verbose logging and open it to the public internet. I saw thousands of Chinese bots trying every way to get root access.
Every. Damn. Day.