
1 minute with my Ubuntu 14.04 home server

Resistance is Futile – 抵抗是徒勞的

My Ubuntu 14.04 home server is an old Dell (circa 2004) P4, 3 GB RAM, 30 GB hard drive on a dynamic DNS service which doesn’t do much.  It runs an IRC bot, and a WordPress install to experiment with themes and page displays before I put it into a prime time production environment.  Yet, all of China (and associated friends) are interested in assimilating it for their own devious, mischievous agendas.

A small example of my syslog:

May 15 20:52:15 creature-ubuntu-server sshd[5320]: message repeated 2 times: [ Failed password for root from 58.218.204.36 port 47623 ssh2]
May 15 20:52:15 creature-ubuntu-server sshd[5320]: Received disconnect from 58.218.204.36: 11: [preauth]
May 15 20:52:15 creature-ubuntu-server sshd[5320]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.36 user=root
May 15 20:52:17 creature-ubuntu-server sshd[5324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.36 user=root
May 15 20:52:17 creature-ubuntu-server sshd[5322]: message repeated 2 times: [ Failed password for root from 58.218.205.66 port 52701 ssh2]
May 15 20:52:17 creature-ubuntu-server sshd[5322]: Received disconnect from 58.218.205.66: 11: [preauth]
May 15 20:52:17 creature-ubuntu-server sshd[5322]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.205.66 user=root
May 15 20:52:19 creature-ubuntu-server sshd[5324]: Failed password for root from 58.218.204.36 port 36634 ssh2
May 15 20:52:19 creature-ubuntu-server sshd[5326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.205.66 user=root
May 15 20:52:21 creature-ubuntu-server sshd[5326]: Failed password for root from 58.218.205.66 port 57380 ssh2
May 15 20:52:25 creature-ubuntu-server sshd[5324]: message repeated 2 times: [ Failed password for root from 58.218.204.36 port 36634 ssh2]
May 15 20:52:25 creature-ubuntu-server sshd[5324]: Received disconnect from 58.218.204.36: 11: [preauth]
May 15 20:52:25 creature-ubuntu-server sshd[5324]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.36 user=root
May 15 20:52:27 creature-ubuntu-server sshd[5333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.36 user=root
May 15 20:52:28 creature-ubuntu-server sshd[5333]: Failed password for root from 58.218.204.36 port 55010 ssh2
May 15 20:57:55 creature-ubuntu-server sshd[5366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.160.48 user=root
May 15 20:57:57 creature-ubuntu-server sshd[5366]: Failed password for root from 222.186.160.48 port 57078 ssh2
May 15 20:58:02 creature-ubuntu-server sshd[5366]: message repeated 2 times: [ Failed password for root from 222.186.160.48 port 57078 ssh2]
May 15 20:58:03 creature-ubuntu-server sshd[5366]: Received disconnect from 222.186.160.48: 11: [preauth]
May 15 20:58:03 creature-ubuntu-server sshd[5366]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.160.48 user=root
May 15 20:58:05 creature-ubuntu-server sshd[5368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.160.48 user=root
May 15 20:58:07 creature-ubuntu-server sshd[5368]: Failed password for root from 222.186.160.48 port 36949 ssh2
May 15 20:58:11 creature-ubuntu-server sshd[5368]: message repeated 2 times: [ Failed password for root from 222.186.160.48 port 36949 ssh2]
May 15 20:58:12 creature-ubuntu-server sshd[5368]: Received disconnect from 222.186.160.48: 11: [preauth]
May 15 20:58:12 creature-ubuntu-server sshd[5368]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.160.48 user=root
May 15 20:58:15 creature-ubuntu-server sshd[5370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.160.48 user=root
May 15 20:58:17 creature-ubuntu-server sshd[5370]: Failed password for root from 222.186.160.48 port 45162 ssh2
May 15 20:58:21 creature-ubuntu-server sshd[5370]: message repeated 2 times: [ Failed password for root from 222.186.160.48 port 45162 ssh2]
May 15 20:58:21 creature-ubuntu-server sshd[5370]: Received disconnect from 222.186.160.48: 11: [preauth]

fail2ban log:

2015-05-15 20:28:06,220 fail2ban.actions: WARNING [ssh] Unban 58.218.204.72
2015-05-15 20:36:38,670 fail2ban.actions: WARNING [ssh] Unban 221.229.166.4
2015-05-15 20:52:22,423 fail2ban.actions: WARNING [ssh] Ban 58.218.205.66
2015-05-15 20:52:29,448 fail2ban.actions: WARNING [ssh] Ban 58.218.204.36
2015-05-15 20:58:44,650 fail2ban.actions: WARNING [ssh] Ban 222.186.160.48
2015-05-15 21:02:22,855 fail2ban.actions: WARNING [ssh] Unban 58.218.205.66
2015-05-15 21:02:29,880 fail2ban.actions: WARNING [ssh] Unban 58.218.204.36
2015-05-15 21:08:45,087 fail2ban.actions: WARNING [ssh] Unban 222.186.160.48

And these entries go on and on and on… for days and days and days. I guess resistance is futile.

Well, maybe not. Iptables to the rescue (example):

sudo iptables -A INPUT -s 58.218.205.70 -p tcp --destination-port 22 -j DROP

done and done.

Borg attack from (heh):

IP Address: 222.186.160.48
City: Zhenjiang
State/Region: Jiangsu
Country Code: CN

IP Address: 58.218.204.36
City: Xuzhou
State/Region: Jiangsu
Country Code: CN
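
An added example, not part of the original post: a short Python script that counts failed password attempts per source address from sshd lines like those in the syslog excerpt, expanding the "message repeated N times" entries that a plain line count misses, and measures how long each fail2ban ban lasted. The sample lines are copied from the two log excerpts above; the function and variable names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: four lines copied from the syslog excerpt above.
SSHD_LOG = """\
May 15 20:52:19 creature-ubuntu-server sshd[5324]: Failed password for root from 58.218.204.36 port 36634 ssh2
May 15 20:52:21 creature-ubuntu-server sshd[5326]: Failed password for root from 58.218.205.66 port 57380 ssh2
May 15 20:52:25 creature-ubuntu-server sshd[5324]: message repeated 2 times: [ Failed password for root from 58.218.204.36 port 36634 ssh2]
May 15 20:52:25 creature-ubuntu-server sshd[5324]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.36 user=root
"""
# Sample input: four lines copied from the fail2ban excerpt above.
FAIL2BAN_LOG = """\
2015-05-15 20:52:22,423 fail2ban.actions: WARNING [ssh] Ban 58.218.205.66
2015-05-15 20:52:29,448 fail2ban.actions: WARNING [ssh] Ban 58.218.204.36
2015-05-15 21:02:22,855 fail2ban.actions: WARNING [ssh] Unban 58.218.205.66
2015-05-15 21:02:29,880 fail2ban.actions: WARNING [ssh] Unban 58.218.204.36
"""

FAILED = re.compile(
    r"sshd\[\d+\]: (?:message repeated (\d+) times: \[ )?"
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
ACTION = re.compile(
    r"^(\S+ [\d:]+),\d+ fail2ban\.actions.*\[\S+\] (Ban|Unban) (\S+)")

def failed_passwords(log):
    """Count failed password attempts per source IP. A 'message repeated
    N times' line stands for N further attempts, so it adds N, not 1."""
    counts = Counter()
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:  # PAM summary lines do not match, so nothing is counted twice
            counts[m.group(2)] += int(m.group(1) or 1)
    return counts

def ban_durations(log):
    """Pair each Ban with the next Unban of the same IP; return seconds."""
    banned, durations = {}, {}
    for line in log.splitlines():
        m = ACTION.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if m.group(2) == "Ban":
            banned[m.group(3)] = ts
        elif m.group(3) in banned:
            durations[m.group(3)] = int((ts - banned.pop(m.group(3))).total_seconds())
    return durations

if __name__ == "__main__":
    print(failed_passwords(SSHD_LOG).most_common(), ban_durations(FAIL2BAN_LOG))
```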