
About security, wall of shame story,

Once I had a PostgreSQL DB with the default password on a new VPS, and forgot to disable password-based login, on a server with no domain. It got hacked in a day, and was being used as a bot server. And that was 10 years ago.

Recently I deployed a server and was getting ssh login attempts within an hour, and it didn't have a domain. Fortunately, I've learned my lesson, and turned off password-based login as soon as the server was up and running.

And similar attempts bogged down my desktop to a halt.

Having a machine open to the world is now very scary. Thank God services like tailscale exist.




I've had SSH, SMTP, POP3, HTTP, HTTPS and many other services open to the world since the 90's. I have fail2ban running. It is not that scary.

Yes, changing the ssh port and running fail2ban on the server completely stopped those pesky ssh login attempts.

But on my home computer, I do not want to be bothered with all the security efforts, and want to keep it simple. But I have plans to put up an isolated server setup someday. But too broke right now, and looking for a job. heh.

I have seen people who are using simple password-based authentication with really simple passwords. I always go and fix that first, so it's too common, which is why it's scary.


Also, strong, random-looking passwords for droplets or apps saved in a text file. Use the Digital Ocean guide on setting up a Linux box securely and the UFW firewall. Then, lighttpd, BunnyCDN (esp for SSL), and periodic updates.

Works so well that it's easy to forget they're running.


Nothing would happen, ssh is designed to be open to the world. Using tailscale or a vpn to hide your IP is fine, but using tailscale ssh maybe not.

Well, continuous attempts definitely bogged down my desktop pretty bad. Also, getting OOM on a 64gb machine multiple times a day is quite annoying.

And one simple mistake, and we're screwed.


If sshd is OOMing on 64GB something else is going on…

Well, after changing the ssh port to something really big, OOM and heavy CPU usage stopped, as I was still using that public IP, so I concluded it was not an inside job.

There were like thousands of requests in an hour, and that went on continuously, before I changed the port.


Yeah that sounds quite annoying, but has nothing to do with ssh log noise. Maybe investigate what's causing the OOM. I have multiple 1GB vps with ssh open to the world and they never OOM, and they're obviously not just running ssh. It sounds like you've been compromised.

The number of attempts was staggering though; I think there were requests every second, non-stop.

Once I changed the ssh port to a large number, the OOM and heavy CPU usage stopped, and never came back. So, I think I'm safe, though I keep an eye on the logs, and for any unknown processes, but have never seen anything out of the ordinary.

The 64gb machine is my dev machine. As my IDE (IntelliJ) runs on a high-memory config and I run some heavy processes, it could've been that, combined with the ssh spam, it went OOM. I still run all the things without any issues now.
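
Added example, not part of any comment in the thread and not fail2ban's own code: a small log check in the spirit of fail2ban's `maxretry`/`findtime` settings, counting failed ssh password attempts per source IP in a sliding window. The log lines, host name, addresses and the year used for parsing are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the classic syslog sshd format (not from the thread).
SAMPLE_LOG = """\
Mar 10 12:00:01 vps sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar 10 12:00:03 vps sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40118 ssh2
Mar 10 12:00:04 vps sshd[813]: Accepted publickey for dev from 192.0.2.10 port 50022 ssh2
Mar 10 12:00:06 vps sshd[814]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
Mar 10 12:04:00 vps sshd[815]: Failed password for root from 198.51.100.7 port 33010 ssh2
Mar 10 12:30:00 vps sshd[816]: Failed password for root from 198.51.100.7 port 33990 ssh2
Mar 10 12:59:00 vps sshd[817]: Failed password for root from 198.51.100.7 port 34100 ssh2
"""

# Matches both "for root" and "for invalid user admin" failure lines.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ASSUMED_YEAR = "2024"  # syslog timestamps carry no year; this value is an assumption


def offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: peak failures in any find_time window} for IPs reaching max_retry."""
    windows = defaultdict(deque)  # ip -> timestamps of recent failures
    peak = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = windows[m["ip"]]
        q.append(ts)
        while ts - q[0] > find_time:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_retry:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), len(q))
    return peak


if __name__ == "__main__":
    for ip, count in offenders(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins within 10 minutes")
```

The slow source (one attempt every half hour) stays under the threshold, which is why rate-based blocking complements key-only login rather than replacing it.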



