Sometime in the middle of February, I started noticing a marked increase in failed SSH logins on my two servers. Using the program fail2ban, I have long blocked logins by IP addresses that attempt to use root, www-data, or similar generic logins via SSH. IPs are blocked for a full year. Root logins and password authentication are both disabled in the SSHD config. In other words: I’m the only one who can log in, goddamnit.
In a normal 24hr period, there are on average 20-30 failed logins. By mid-February, I was getting 40-50. By early March, as many as 100. On the 7th, I went off to Code4Lib in Pittsburgh and new fails per 24hrs hit 150 per night. A few days after I got back from Pittsburgh, a torrent unleashed itself and new fails peaked ~500 per 24hrs around 2020-03-16. By the time I started tracking new fails per night on 2020-03-27, I had hit somewhere ~5500 total failed IPs in just over a month and a half. I began to think that the groups that engage in these kinds of malicious login attempts were taking advantage of the outbreak of COVID-19, which was overwhelming and shocking and everything else. It’s a period I’ll never forget.
At midnight on the 27th, I took a deep gulp and unbanned every IP that’d been blocked. The first fail was maybe 20 seconds later. But at the same time, the rate of new fails slowed considerably from its peak earlier in March.
Methodology
What counts as a fail?
any attempt to use a password for SSH login
any attempt to log in as root
Yes, both of those things are already banned in the SSHD config, but since fail2ban acts as a firewall of sorts, it’s a good thing to have. It also does much more than SSH. I picked SSH for this experiment because it’s the most logical vector of attack, if you’re attempting to hijack a machine.
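One way to count new failing IPs per day under the two criteria above, as an added example that is not the author's own tooling. The log lines are constructed, and their shape (ISO timestamps as from `journalctl -o short-iso`, OpenSSH's `Failed password` and `authenticating user root` messages) is an assumption about what the server logs.

```python
import re

# Constructed sample lines using documentation IP ranges; not real log data.
# Assumed shape: `journalctl -o short-iso` output from an OpenSSH server.
SAMPLE_LOG = """\
2020-03-27T00:00:20+0100 host sshd[811]: Failed password for invalid user www-data from 203.0.113.5 port 40122 ssh2
2020-03-27T00:03:02+0100 host sshd[815]: Connection closed by authenticating user root 198.51.100.7 port 51514 [preauth]
2020-03-27T09:41:10+0100 host sshd[902]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2: ED25519 SHA256:CONSTRUCTED
2020-03-27T11:15:45+0100 host sshd[950]: Failed password for root from 203.0.113.5 port 40177 ssh2
2020-03-28T02:12:00+0100 host sshd[1200]: Connection closed by authenticating user root 198.51.100.7 port 51999 [preauth]
2020-03-28T02:30:31+0100 host sshd[1204]: Failed password for invalid user admin from 192.0.2.77 port 33001 ssh2
"""

# Criterion 1: any attempt to use a password.
PASSWORD_ATTEMPT = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\S+) port"
)
# Criterion 2: any attempt to log in as root (pre-auth disconnects included).
ROOT_ATTEMPT = re.compile(r"authenticating user root (\S+) port")


def new_fails_per_day(log_text):
    """Return {date: count of source IPs that failed for the first time that day}.

    An IP is counted once, on the day it first fails, which mirrors a
    year-long ban: a banned address cannot show up as a fresh fail again.
    """
    seen = set()
    per_day = {}
    for line in log_text.splitlines():
        match = PASSWORD_ATTEMPT.search(line) or ROOT_ATTEMPT.search(line)
        if not match:
            continue  # successful logins and unrelated lines are ignored
        day, ip = line[:10], match.group(1)
        per_day.setdefault(day, 0)
        if ip not in seen:
            seen.add(ip)
            per_day[day] += 1
    return per_day


if __name__ == "__main__":
    for day, count in new_fails_per_day(SAMPLE_LOG).items():
        print(day, count)
```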
anelki.net is the machine that runs this site and a few other things based on a Hetzner VPS in Germany. It was on Linode in Germany until the end of March when it moved to Hetzner.
wirefox is a VPN and Pi-Hole VPS on Linode near New York City.
Results
This is obviously only my microscopic corner of the web, so I’d be really interested in hearing from other people about this. My contact info is here.
Back in the day, I wrote a livejournal. I still remember my username and I’ve gone back to look at it a few times. It’s just as embarrassing as you might expect.
But the one thing that I still think about from that time is the fact that I made some genuine (if indeed tenuous) friendships. And despite the fact that those days have long passed (15+ years, after all), those friendships are still valuable and have meaning. In some small way, they made me part of who I am today.
And all of our friendships do that to some degree or another. We might look back on things with different eyes, in my case with disgust or embarrassment. But things always look different after the fact.
I mention this because in autumn 2019, I started getting back into blogging again. I also started using internet relay chat (IRC). First through Code4Lib’s channel on Freenode, then ArchiveTeam’s channels on EFnet, and finally into the Tildeverse, a group of shared Linux/BSD servers for collaborative learning and exploration.
I’ve met some really cool folks in the tildeverse. Some folks are neighbors (/me waves at cm). Others have excellent taste in music (gb) and others are just awesome and have taught me a lot about sysadmin-ing (thanks, ben). And I can’t leave out js who’s one of my favorites. Or favourites, she might prefer. They’re good folks and I’m very grateful to know all of them.
But one person is missing at a time when we need our ‘internet friends’ more than ever and that’s ynx.
ynx was my first real friend on IRC, they made me feel welcome, they talked to me when I didn’t really know anyone else. When IRL things started to go a bit sideways, it was nice to have someone to just chat with.
I miss you, ynx. I think I know why you left tilde.chat and I understand. I know things are bad right now, the world is in a dark place and the forecast isn’t calling for sunshine anytime soon. But the thing about friends is that we help one another when the skies are gray. And I want you to know that I’m here for you, if you ever need it.
Just /msg me.
your friend,
anelki
This does seem a little bit silly to put out there like this. But such are the times.
Part of the deal with internet friends is that they can be ephemeral. Sad, but that’s just how it is, I guess.
I’m extremely lucky to live where I live. In more normal times, I’m two blocks from a station on the Metro line that runs to my job, have plenty of grocery stores, drug stores, etc., live near beautiful parks, and am not far from fantastic trails and urban wilderness. During this…challenging…time, I am, per order of the Hon. Ralph Northam, meant to stay as close to home as much as possible. In other words, walking down to Roosevelt Island or through Lubber Run park is probably not what the elected leader of the Commonwealth had in mind. That said, I do live in a rather beautiful (if you like older homes) and certainly walkable neighborhood. This will be fine.
Except…the number of Ring cameras in my neighborhood seems to grow daily. Especially at night when their pale blue eyes burn the brightest.
Never mind the facial recognition. We’re living in the future! If the future was the early 1990s when video doorbells first became a thing.
But I mention all of this because tonight, I noticed how I’d started reflexively dodging their gazes: “look left here, walk 20 feet, then look right, then you’re clear for a house.” Walking up one block near my own, I counted 7 on a standard block of maybe 12 houses? I guess I’ll avoid Norwood from now on. Or at least until the inevitable Spring power outage.
edit 2020-03-31 00:30
And how could I forget that for my first year of living here, I walked by a neighbor’s apartment door who had a similar thing that fit in her peephole that took a photo whenever it detected motion in the hallway.