2023-05-10
Repetitive SSH attempts are still on
I noticed in 2016 that putting services like ssh on a different port does not change much in the attacks, and over the last few days I noticed this is as true as ever. I use fail2ban for sshd and other services that are prone to brute-force attempts. I've been using influxdb and grafana to visualize measurements, and I use telegraf to gather a lot of system data. I recently enabled gathering fail2ban statistics, and it's interesting to see that the number of blocked addresses is very similar for the sshd on port 22 and the sshd on port 2022. It's not exactly the same number and, interestingly, not the same attackers, but the numbers are within 5%. And yes, the numbers are high enough to make the output of fail2ban-client status sshd several screenfuls of IP addresses.
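
An added example, not code from this post: it parses the output of fail2ban-client status for two jails and measures the two things described above, how close the ban counts are and how many addresses appear in both jails. The jail name sshd-2022 and all sample addresses are constructed assumptions.

```python
import ipaddress
import re

def sample_status(jail, ips):
    """Build constructed text in the layout `fail2ban-client status <jail>` prints."""
    return (f"Status for the jail: {jail}\n|- Filter\n"
            "|  |- Currently failed:\t3\n|  |- Total failed:\t900\n"
            "|  `- File list:\t/var/log/auth.log\n`- Actions\n"
            f"   |- Currently banned:\t{len(ips)}\n   |- Total banned:\t{len(ips)}\n"
            f"   `- Banned IP list:\t{' '.join(ips)}\n")

# Constructed sample data: documentation-range addresses, two shared by both jails.
# "sshd-2022" is a hypothetical jail name for the sshd on port 2022.
PORT_22 = sample_status("sshd", [f"192.0.2.{i}" for i in range(1, 41)])
PORT_2022 = sample_status("sshd-2022", [f"198.51.100.{i}" for i in range(1, 37)]
                          + ["192.0.2.1", "192.0.2.2"])

def parse_status(text):
    """Extract the jail name and the set of currently banned addresses."""
    jail = re.search(r"Status for the jail:[ \t]*(\S+)", text).group(1)
    # [ \t]* rather than \s* so an empty ban list does not swallow the next line.
    match = re.search(r"Banned IP list:[ \t]*(.*)", text)
    banned = set()
    for token in (match.group(1).split() if match else []):
        try:
            banned.add(ipaddress.ip_address(token))  # accepts IPv4 and IPv6
        except ValueError:
            continue  # skip anything that is not a bare address
    return jail, banned

def compare_jails(text_a, text_b):
    """Relative difference in ban counts, and how many addresses hit both jails."""
    jail_a, a = parse_status(text_a)
    jail_b, b = parse_status(text_b)
    larger = max(len(a), len(b))
    return {
        "counts": {jail_a: len(a), jail_b: len(b)},
        "relative_difference": abs(len(a) - len(b)) / larger if larger else 0.0,
        "shared": len(a & b),
        "jaccard": len(a & b) / len(a | b) if a | b else 0.0,
    }

if __name__ == "__main__":
    print(compare_jails(PORT_22, PORT_2022))
```

On a live host, the two text arguments would be the captured output of fail2ban-client status for each jail instead of the constructed samples.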