Hacking attempts and DDoS attacks are commonplace. In fact, it's been just a week since I set up my RPi as an always-on device with the sshd service running. Today, I opened up the authentication logs and found hundreds of login failures over ssh, all coming from China. I installed fail2ban, which seamlessly takes care of banning clients with repeated login failures. It is easily configurable via a simple config file.
The attacks seem to be from a Linux malware called XOR.DDoS (details here: XOR.DDoS).
These are the IP addresses seen attacking my RPi:
(The number in the first column denotes the number of times the client has tried to connect and failed).
These are the messages in the auth.log:
Using ip2location, I traced them to:
Seriously! What are you trying to get from my RPi! Stop or I’ll have to send my attack cat to get you!
Everyone must install fail2ban (or an equivalent firewall program) on always-on connected embedded devices like the RPi!
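As an added example (not part of the original post), the script below does what the "number in the first column" listing above shows and what fail2ban's sshd jail then acts on: it parses `Failed password` lines from auth.log, counts failures per source address, and flags any address with `maxretry` failures inside a `findtime` window (fail2ban's jail.conf defaults are 5 and 600 seconds). The log lines, the host name, and the addresses (RFC 5737 documentation ranges) are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in sshd/auth.log format (not from the original post);
# the addresses come from the RFC 5737 documentation ranges.
SAMPLE_AUTH_LOG = """\
Oct  3 10:21:07 raspberrypi sshd[2231]: Failed password for root from 203.0.113.5 port 51234 ssh2
Oct  3 10:21:09 raspberrypi sshd[2233]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Oct  3 10:21:12 raspberrypi sshd[2235]: Failed password for root from 203.0.113.5 port 51244 ssh2
Oct  3 10:21:15 raspberrypi sshd[2237]: Failed password for root from 203.0.113.5 port 51250 ssh2
Oct  3 10:30:00 raspberrypi sshd[2301]: Failed password for pi from 198.51.100.7 port 40001 ssh2
Oct  3 10:30:05 raspberrypi sshd[2303]: Accepted publickey for pi from 198.51.100.7 port 40002 ssh2
Oct  3 11:45:00 raspberrypi sshd[2401]: Failed password for pi from 198.51.100.7 port 40010 ssh2
Oct  3 11:45:30 raspberrypi sshd[2403]: Failed password for pi from 198.51.100.7 port 40011 ssh2
"""

# Matches an sshd failure line; the syslog timestamp carries no year, as in auth.log.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(log_text, year=2015):
    """Return {ip: [timestamp, ...]} for every 'Failed password' line (year is assumed)."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            failures[m["ip"]].append(ts)
    return failures

def failure_counts(log_text):
    """Per-IP failure totals, most frequent first (like `sort | uniq -c | sort -rn`)."""
    counts = {ip: len(ts) for ip, ts in parse_failures(log_text).items()}
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

def ips_to_ban(log_text, maxretry=5, findtime=600):
    """IPs with at least `maxretry` failures inside some `findtime`-second window,
    mirroring the maxretry/findtime rule fail2ban's sshd jail applies."""
    banned = set()
    for ip, times in parse_failures(log_text).items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if (times[i + maxretry - 1] - times[i]).total_seconds() <= findtime:
                banned.add(ip)
                break
    return sorted(banned)
```

With the defaults nothing in the sample is banned (the burst address stops at four failures); lowering `maxretry` to 3 catches the burst, and only a much wider `findtime` also catches the slow, spread-out failures from the second address.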