[belorn]

For individuals and smaller orgs the easiest and by experience the best practice is to use a certificate (or generated and never to be reused password) for ssh authentication, install server monitoring, and then simply observe if the spam from random drive-by causes enough resource drain that would validate further work. Most likely it won't.

Running a tar pit is a bit like installing a trap on a bike in order to teach bike thieves a lesson. It won't really reduce the problem, but for a lot of people the idea of vengeance gives a bit of a warm happy feeling.

[toyg]

> Running a tar pit is a bit like installing a trap on a bike in order to teach bike thieves a lesson.

It's more like approaching a thief and persuading him to steal some bike "just around the corner", then guiding him around endlessly. While he's following you, he's also not stealing anything from anyone, his attention (which is naturally finite) gets drained - even just a little bit - to the benefit of the community as a whole. It's not necessarily about vengeance.

[kebman]

Tangent story. Two friends of mine went backpacking to Amsterdam, short pants and all. When they got out of the train in the evening, a friendly guy approached them and asked if they were looking for a hotel. They said yes, so he told them to follow him. Delighted to be greeted in this way, they did.

First they went down the regular path up Damrak to get to Leidseplein, but slowly and imperceptibly the streets were getting narrower and narrower, until they finally reached a dead end. That's when the guy whirled around, flipped out a small pocket knife and wheezed to them, "Gimme all your cash! NOW!"

The guys looked at each other, and then looked at him, and then one of the guys calmly told him, "Look, we're two guys, and you're just one. Even if you get one of us, the other will beat your head in. You can't win this."

The mugger looked puzzled for a moment, but then he retorted, "Ok, give me half your money then, and nobody gets hurt!" Not wanting to be the first guy who got stabbed, they agreed that, "Fine, we'll give you half! But only if you promise to not stab us." And so the deal went down, and they had finally arrived in Amsterdam.

[graton]

Makes me think of one of my personal rules when traveling. If I am needing help, I don't take it from someone who approaches me. I just say, no thank you. If I need help, I pick someone randomly and ask for help. The likelihood that they are a criminal is much less compared to someone who approaches me.

[Symbiote]

This is also good advice for children.

If you need help, ask, don't wait to be asked.

[jjeaff]

People will approach tourists a lot like this in central and south america, but the end game tends to be to take the tourist to an inn or restaurant where they get a commission for taking them.

I've never gone with anyone anywhere but very public spaces. But I actually have found some real gems tucked away off the beaten path this way.

[milesvp]

A friend and I took a day trip to Morocco many years ago while backpacking through Spain and experienced this. A local guide approached us who came across as pretty legit and had a driver. We had a good time being shown around to different stores and it was pretty clear that he was getting a kickback from the places we went. Had some nice mint tea, and a pretty good meal later.

There was a slightly dark time in the middle though, where my friend and I were sure we were going to be mugged and left for dead when we were driving further and further from the city. I've never experienced anything quite like it before or since. We both looked at each other, and in an instant with a single expression we were both able to convey that "I love you and we're going to die". We were totally relieved when it turned out they just wanted to show a scenic view by the sea, while showing us a lot of very rich mansions along the way.

Was totally surreal, though, and I'm not sure how lucky we were.

[kebman]

Danish Louisa Vesterager Jespersen (24) and Norwegian Maren Ueland (28) were killed and decapitated by ISIS terrorists on a trip to Morocco in 2018. They were found near the Atlas mountains. The murders were filmed and put on the internet. 18 men were since arrested by Moroccan police and charged with terrorism.[1]

[1]: https://en.wikipedia.org/wiki/Murders_of_Louisa_Vesterager_J...

[kebman]

Somehow factual information like that is always downvoted, but criminal and terrorist activity is important information when considering where you want to travel in the world, so you should take it very seriously.

Case in point, I travelled with my friends through Serbia during the early 2000's. Now, we'd spoken with our country's foreign ministry, and they told us that it was relatively safe to travel in the North of the country. At the time, we were adviced to avoid the South of Serbia because of small gang clashes still being ongoing. We avoided Romania as well, since a lot of car jackings had been reported at the time.

After driving for a very long time, we got tired, and parked at a forest road in the darkness. It was pitch black, so we figured no one would come there. But after a while, I heard a car stop down at the main road, and two guys moving closer to our car on the gravel. This prompted me to reach for a small screw driver I had laying around, just in case.

When they arrived at the car, they knocked on my window, and peering to the darkness I noticed that they were actually police officers. They wanted to know what we were doing there, so I explained to them that we were just trying to get some sleep for the night.

Then they asked me, "Did you see the boarded-up gas station further up the road?" I nodded, and he continued. "Yeah, well, last week a gang came by there and shot the whole family dead, mother, father and two kids. That's why the place is boarded up. Listen, guys, this place isn't safe. So please come with us, and we'll show you a lit parking lot in the nearest town. You can sleep safely there, under the lights."

Needless to say, we accepted their escort, although it was far more easy to sleep in the darkness rather than under a street light.

Then there's the story of my boss who ignored advice to not go to Egypt during some troubled times, and ended up in a firefight as the bus in front of him was lit up by a hail bullets. He thought he was going to die, and he very well could have if he'd gone with the front bus.

[toyg]

Morocco has a very mean and torture-happy secret police, and tourists are one of their main sources of income, so it’s very unlikely that anything particularly bad will ever happen to you, the risk for perps is too high. Cash, though... I was basically extorted by some guys with aggressive monkeys in the middle of Marrakech.

[teddyh]

> Morocco has a very mean and torture-happy secret police, and tourists are one of their main sources of income

I initially interpreted that sentence differently than how you probably intended it.

[ropable]

Spouse and I got hooked like this when we visited Beijing some years ago. We could actually tell what was going on, but our "guide" was a friendly university-aged girl who (at our request) took us to a couple of local art galleries and a wonderful restaurant. She may have gotten a commission and definitely a good meal out of it, but we actually had a fine experience.

[rurban]

So you are saying rand16() needs to be replaced with an extract from some PD world literary piece, then the attacker will be fine. Call me sceptical.

[jschwartzi]

Lol someone approached me like that in Amsterdam too and offered to guide me somewhere. I figured that this was his plan so I told him I was okay and that I didn’t need his help.

[car]

Tangent on tangent. An aquaintance visited Morroco, and was befriended by a young local, his guide for two weeks. On the last day, he bought a $3000 rug from a store owner relative of the guide. Suffice it to say, said rug never shipped.

[tomcam]

Fun.

Wouldn't end that way with me and my friends.

[venatiodecorus]

well what they're saying is sure you can do this but this hypothetical bike thief isn't going to follow you very far. ime this would seem to be the case. most ssh spam is very dumb, just looking for low hanging fruit w/ default credentials, and will likely move on very quickly without success.

[ed25519FUUU]

It sounds like you’re both trapped in this scenario.

[dheera]

> installing a trap on a bike in order to teach bike thieves a lesson. It won't really reduce the problem

Maybe it is reducing the problem, but not enough people are installing traps to make a noticeable difference? Or the number of new thieves is cancelling out the number of thieves being put out of business by traps? Is there data for this?

Or maybe the traps just aren't sophisticated enough?