<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Aug 14, 2025 at 4:02 PM lollipopman691 via Ale <<a href="mailto:ale@ale.org">ale@ale.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="font-family:Arial,sans-serif;font-size:14px">Not hacked, not invaded, AFAIK it's ok fine except for periodic massive DDOSing. It's an ongoing problem for a lot of webmasters -- a desultory DDG search yields hits like this one ( <span><a rel="noreferrer nofollow noopener" href="https://webmasters.stackexchange.com/questions/126781/why-is-my-regional-website-being-hit-by-thousands-of-chinese-ip-addresses" target="_blank">https://webmasters.stackexchange.com/questions/126781/why-is-my-regional-website-being-hit-by-thousands-of-chinese-ip-addresses</a></span> ) and this one ( <span><a rel="noreferrer nofollow noopener" href="https://blog.talosintelligence.com/chinese-online-ddos-platforms/" target="_blank">https://blog.talosintelligence.com/chinese-online-ddos-platforms/</a></span> ) . It's unlikely that anyone is targeting my site on purpose -- I'm just by-blow for some other idiots fighting each other I suspect.<br></div><div style="font-family:Arial,sans-serif;font-size:14px;color:rgb(0,0,0);background-color:rgb(255,255,255)"><br></div><div style="font-family:Arial,sans-serif;font-size:14px;color:rgb(0,0,0);background-color:rgb(255,255,255)"><div><ul style="margin-top:0px;margin-bottom:0px"><li style="list-style-type:"\00220e ""><span>CHS<br></span></li></ul></div><div><br></div></div><div style="font-family:Arial,sans-serif;font-size:14px;color:rgb(0,0,0);background-color:rgb(255,255,255)"><br></div><div style="font-family:Arial,sans-serif;font-size:14px"><br></div>
<div style="font-family:Arial,sans-serif;font-size:14px">
<div>
</div>
<div>
</div>
</div>
<div style="font-family:Arial,sans-serif;font-size:14px"><br></div><div>
On Thursday, August 14th, 2025 at 12:50 PM, Raj Wurttemberg via Ale <<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a>> wrote:<br>
<blockquote type="cite">
<div><p class="MsoNormal">Sorry to hear that your system got (possibly?) hacked. Yeah, fail2ban is an amazing tool. If I absolutely must have ssh open to the outside, I usually move ssh to a different port (yeah, you could still find it easily with a port scan), and I configure fail2ban. </p><p class="MsoNormal"> </p><p class="MsoNormal">/Raj</p><p class="MsoNormal"> </p><div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(181,196,223);padding:3pt 0in 0in"><p class="MsoNormal"><b><span style="font-family:Calibri,sans-serif;color:black">From: </span></b><span style="font-family:Calibri,sans-serif;color:black">Ale <<a href="mailto:ale-bounces@ale.org" target="_blank">ale-bounces@ale.org</a>> on behalf of lollipopman691 via Ale <<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a>><br><b>Reply-To: </b>Atlanta Linux Enthusiasts <<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a>><br><b>Date: </b>Thursday, August 14, 2025 at 11:24 AM<br><b>To: </b>Atlanta Linux Enthusiasts <<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a>><br><b>Cc: </b>lollipopman691 <<a href="mailto:lollipopman691@pm.me" target="_blank">lollipopman691@pm.me</a>><br><b>Subject: </b>[ale] Ouch goddamnit</span></p></div><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal">More assholes from China bringing my site down. When I rebooted, I couldn't help but notice that my uptime(1) stats were spiking into the double-digit range and the system was becoming unresponsive.</p></div><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal">I wrote a quick and simple script to figure out who these guys are so I can block them at the AWS firewall. If anyone else can use it, here ( <a href="https://tomshiro.org/foswiki/ALE/BadActorScript" rel="noreferrer nofollow noopener" target="_blank">https://tomshiro.org/foswiki/ALE/BadActorScript</a> ) 'tis.</p></div><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal">Looks like if I am _really_ clever I might-could figure out a way to let fail2ban(1) handle this automagically. A project for another day.</p></div><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal">-- CHS</p></div><div><p class="MsoNormal">_______________________________________________</p></div><div><p class="MsoNormal">Ale mailing list</p></div><div><p class="MsoNormal"><a href="mailto:Ale@ale.org" rel="noreferrer nofollow noopener" target="_blank">Ale@ale.org</a></p></div><div><p class="MsoNormal"><a href="https://mail.ale.org/mailman/listinfo/ale" rel="noreferrer nofollow noopener" target="_blank">https://mail.ale.org/mailman/listinfo/ale</a></p></div><div><p class="MsoNormal">See JOBS, ANNOUNCE and SCHOOLS lists at</p></div><div><p class="MsoNormal"><a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer nofollow noopener" target="_blank">http://mail.ale.org/mailman/listinfo</a></p></div><div><p class="MsoNormal"> </p></div></div>
</blockquote><br>
</div>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="https://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">https://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div><div><br clear="all"></div><div><br></div><div>I had free server, someone find it. Just send I get pings with data (ping -m) and my free server when up to 100 bucks. <br><br>Fail2bail or lock it down so that only your ip range can access it. </div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div dir="ltr">Terror PUP a.k.a<br>Chuck "PUP" Payne<br>-----------------------------------------<br>Discover it! Enjoy it! Share it! openSUSE Linux.<br>-----------------------------------------<br>openSUSE -- Terrorpup<br>openSUSE Advocate/openSUSE Member<br>x/mastodon.social -- @terrorpup<br>dicord -- terrorpup#3550<br>bluesky -- @terrorpup967.bsky.social<br></div><div>uglyscale.press</div><div dir="ltr">Register Linux Userid: 155363<br> <br>openSUSE Community Member since 2008. </div></div></div></div>