linux
Sergey Karbivnichy, 2019-03-29 23:49:10

Is there a hook for SSH on Linux?

Hello. I recently bought a VPS. Within a couple of days, my VM was blocked 2 times due to "colossal load". Later, having studied the logs on the server, I found out that the VM was hacked via SSH (the passwords were simple). Now I see that every minute several dozen IPs are knocking on my server via SSH (probably a botnet). Is there a fake SSH for which I could set a simple login and password, so that they would connect to me? Not the real SSH, of course, but a fake one, so that I can see what kind of commands they send me.


7 answer(s)
ValdikSS, 2019-03-30
@hottabxp

https://github.com/cowrie/cowrie
https://github.com/desaster/kippo

Wexter, 2019-03-29
@Wexter

fail2ban, no?

Ronald McDonald, 2019-03-29
@Zoominger

Create a user without rights and with chroot in /tmp with a limit of 1 MB and logging all entered commands.

Roman Mirilaczvili, 2019-03-30
@2ord

Endlessh

The Endlessh project is presented, within which a simple dummy SSH server is prepared, which tries to keep established connections open for as long as possible at the initial stage of connecting to the SSH server. Endlessh can be used to hinder the work of various malicious systems that constantly brute force passwords and scan hosts for certain network services.
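
The tarpit idea described in this answer, as an added example that is not part of the original post and is not Endlessh's own code: RFC 4253 section 4.2 lets a server send extra lines before its version string as long as they do not begin with "SSH-", so a listener can drip such lines slowly and the client keeps waiting for the real banner. The port 2222, the 10-second delay, the 32-byte line cap and the function names are assumptions of this sketch.

```python
import asyncio
import random

MAX_LINE = 32  # bytes per junk line including CR LF (a choice of this example)


def banner_line(rng=random):
    """Return one junk pre-banner line that cannot be taken for the SSH version string."""
    length = rng.randint(3, MAX_LINE - 2)
    body = bytes(rng.randint(32, 126) for _ in range(length))  # printable ASCII only
    if body.startswith(b"SSH-"):
        # A line starting with "SSH-" would end the wait, so break the prefix.
        body = b"x" + body[1:]
    return body + b"\r\n"


async def tarpit(reader, writer, delay=10.0, max_lines=None):
    """Drip junk lines to one client until it disconnects; return how many were sent."""
    sent = 0
    try:
        while max_lines is None or sent < max_lines:
            await asyncio.sleep(delay)   # the slow drip is what holds the client
            writer.write(banner_line())
            await writer.drain()
            sent += 1
    except OSError:
        # Covers ConnectionResetError, BrokenPipeError and timeouts: the client left.
        pass
    finally:
        writer.close()
    return sent


async def main(host="0.0.0.0", port=2222):
    # Assumed setup: the real sshd listens on another port, this one only traps scanners.
    server = await asyncio.start_server(tarpit, host, port)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```

A tarpit like this only slows scanners down and never reaches authentication, so it records no commands; for that, the honeypots linked in the first answer are the relevant tools.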

Blaine_Mono, 2019-03-30
@Blaine_Mono

Set up key login and disable password authentication.

Alexander Gorbunov, 2019-03-30
@Avenax

Trap (tarpit)
https://m.habr.com/ru/company/globalsign/blog/445318/

Dmitry Shitskov, 2019-03-29
@Zarom

Use fail2ban to restrict bot activity. A non-standard port also greatly reduces the chance of being targeted.
If you want to play around, try configuring lshell.
