by ars 1537 days ago
Put Linux on the net with a weak SSH-enabled root password and watch it get infected within minutes - I did that with a memory-only installation, and multiple different people attacked it.

I assume they fought with each other for control of the machine, but I rebooted it instead.

Try it - it's interesting, use a USB stick to boot it, and make sure to physically disconnect all hard drives.

I think they mostly just want to send spam emails.

2 comments

Worked at a smaller mom and pop business. We only had two sys admins. One day, I went over to ask about some web hosting. The one admin was sitting there, eating lunch and giggling, while lines and lines of code kept scrolling by on one of his monitors.

ME: "What's so funny?"

Dan: "You see that? Take a closer look."

ME: "What am I even looking at?"

Dan: "Simple script I built to track bots trying to break into our Linux box (server). What you're watching is a metric fuck ton of Chinese and other bots trying to brute force the login."

He explained that any new server being connected to the internet, regardless of OS, will be instantly attacked like you said. The server in question was only online for about 30 minutes and we were watching an endless stream of automated attacks from different bots. The failed login attempts were blocked after two attempts and the IP addresses logged for further review; but the bots would just respawn at different IP ranges and try again, it was pretty crazy.

It was a big eye opener for me. I had no idea it was that bad. Man, was I naïve!
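
The blocking described in the comment above (ban a source after two failed logins and log the address), as an added example that is not part of the thread and is not the admin's script. The log lines are constructed samples in OpenSSH's syslog format using documentation IP ranges, and the `review` function and the /24 grouping are assumptions made for illustration; the grouping shows why a per-address ban keeps missing sources that come back from neighbouring addresses.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

MAX_RETRY = 2  # threshold from the comment: blocked after two failed attempts

# Constructed sample lines (not real traffic); addresses are RFC 5737 ranges.
SAMPLE_LOG = """\
Jan 10 12:00:01 box sshd[811]: Failed password for root from 203.0.113.7 port 40110 ssh2
Jan 10 12:00:03 box sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 12:00:04 box sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 51100 ssh2
Jan 10 12:00:05 box sshd[813]: Accepted publickey for dan from 192.0.2.10 port 50022 ssh2
Jan 10 12:00:06 box sshd[814]: Failed password for root from 203.0.113.7 port 40115 ssh2
Jan 10 12:00:07 box sshd[815]: Failed password for root from 203.0.113.21 port 33001 ssh2
Jan 10 12:00:08 box sshd[816]: Failed password for invalid user test from 198.51.100.4 port 40000 ssh2
Jan 10 12:00:09 box sshd[817]: Failed password for root from 198.51.100.4 port 40002 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port"
)

def review(log_text, max_retry=MAX_RETRY):
    """Return (IPs in the order they hit the ban threshold, sources per /24)."""
    failures = Counter()
    banned = []
    per_net = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ip = m.group(1)
        per_net[str(ip_network(f"{ip}/24", strict=False))].add(ip)
        if ip in banned:
            continue  # a firewall rule would already be dropping this source
        failures[ip] += 1
        if failures[ip] >= max_retry:
            banned.append(ip)  # logged for review, as in the comment
    return banned, {net: sorted(ips) for net, ips in per_net.items()}

if __name__ == "__main__":
    banned, nets = review(SAMPLE_LOG)
    print("banned:", banned)
    for net, ips in nets.items():
        print(net, "->", len(ips), "distinct sources:", ips)
```
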

I’ve always thought it was an interesting footnote how a work of science fiction got at this essential essence of the internet in 1960:

https://en.wikipedia.org/wiki/Deathworld

The classic solution to this problem is fail2ban: https://www.fail2ban.org

or to mine crypto coins