Hacking attempts and DDoS attacks are commonplace. In fact, it's been just a week since I set up my RPi as an always-on device, with the sshd service running. Today, I opened up the authentication logs and found 100s of login failures over SSH, all coming from China. I installed fail2ban, which seamlessly takes care of banning clients with repeated login failures. It is easily configurable via a simple config file.
The attacks seem to be from Linux malware called XOR.DDoS (details here: XOR.DDoS)
These are the IP addresses seen attacking my RPi:
(The number in the first column denotes the number of times the client has tried to connect and failed).
These are the messages in the auth.log:
Using ip2location, I traced them to:
Seriously! What are you trying to get from my RPi! Stop or I’ll have to send my attack cat to get you!
borrowed from rore@flickr
Everyone must install fail2ban (or an equivalent firewall program) on always-on connected embedded devices like the RPi!
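The per-client failure counts described above can be produced straight from auth.log. The script below is an added example, not part of the original post: the function names, the sample log lines and the documentation-range addresses in them are constructed, and it assumes sshd's usual "Failed password for USER from IP port N ssh2" line format.

```shell
#!/bin/sh
# Constructed sample in the syslog format sshd writes to /var/log/auth.log.
# Addresses are RFC 5737 documentation ranges, not real clients.
sample_auth_log() {
cat <<'EOF'
Oct  3 06:25:01 raspberrypi sshd[2101]: Failed password for root from 203.0.113.7 port 41022 ssh2
Oct  3 06:25:04 raspberrypi sshd[2101]: Failed password for root from 203.0.113.7 port 41022 ssh2
Oct  3 06:25:09 raspberrypi sshd[2105]: Failed password for invalid user admin from 198.51.100.23 port 50311 ssh2
Oct  3 06:25:12 raspberrypi sshd[2107]: Failed password for root from 203.0.113.7 port 41388 ssh2
Oct  3 06:26:40 raspberrypi sshd[2110]: Accepted password for pi from 192.0.2.10 port 52200 ssh2
Oct  3 06:27:02 raspberrypi sshd[2114]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.23 port 50340 ssh2
EOF
}

# count_failed_ssh [FILE] [MIN]
# Prints "<failures> <ip>" per client, highest count first.
# FILE defaults to standard input; MIN (default 1) hides clients below that count.
count_failed_ssh() {
    # The user name is client-supplied text and may itself contain "from <ip>"
    # (last sample line), so the address is read from the fixed tail of the
    # line, "... from IP port N ssh2", never from the first "from" seen.
    awk -v min="${2:-1}" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" && $NF == "ssh2" { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' "${1:--}" | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on the Pi itself, run as a user allowed to
# read the log:  count_failed_ssh /var/log/auth.log 5
sample_auth_log | count_failed_ssh
```

The successful login and the address embedded in the last line's user name are not counted, so the sample yields 3 failures for 203.0.113.7 and 2 for 198.51.100.23.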