by themoonisachees 1226 days ago
I agree that cloud providers are a blessing to attackers, but blocking Russian, Chinese and even generally SEA IP space is still a very effective way of stopping the bottom 70% of all attacks. Sure, they're trying such outdated methods that there is very little chance of them succeeding, but honestly when just banning China reduces sshd logs by 50% you wonder why you didn't do it sooner.
2 comments

Are you sure you're blocking 70% of attacks? Or are attackers just starting there, and when they realise their attacks aren't working they go via AWS instead?

I can't imagine many people sufficiently motivated to launch a DDoS attack against you, yet not sufficiently motivated to switch to an attack method that will actually work.

Most attacks are using a shotgun approach. DDoS generally are targeted, but even then just badly behaved scrapers or vulnerability scanners can add up to be like a DDoS.
An even quicker way to clean up SSH logs is to listen on a non-standard port.