←back to thread

The internet is no longer a safe haven

(brainbaking.com)
253 points akyuu | 1 comments | 16 Nov 25 13:12 UTC | HN request time: 0s | source
Show context
embedding-shape ◴[16 Nov 25 15:56 UTC] No.45945999[source]
> The internet is no longer a safe haven for software hobbyists

Maybe I've just had bad luck, but since I started hosting my own websites back around 2005 or so, my servers have always been attacked basically from the moment they come online. Even more so when you attach any sort of DNS name to it, especially when you use TLS and the certificates, guessing because they end up in a big index that is easily accessible (the "transparency logs"). Once you start sharing your website, it again triggers an avalanche of bad traffic, and the final boss is when you piss of some organization and (I'm assuming) they hire some bad actor to try to make you offline.

Dealing with crawlers, bot nets, automation gone wrong, pissed of humans and so on have been almost a yearly thing for me since I started deploying stuff to the public internet. But again, maybe I've had bad luck? Hosted stuff across wide range of providers, and seems to happen across all of them.

replies(13): >>45946074 #>>45946178 #>>45946504 #>>45946700 #>>45946715 #>>45946870 #>>45946927 #>>45947354 #>>45947815 #>>45950210 #>>45950360 #>>45951545 #>>45955317 #
NoboruWataya ◴[16 Nov 25 17:40 UTC] No.45946870[source]
I have a personal domain that I have no reason to believe any other human visits. I selfhost a few services that only I use but that I expose to the internet so I can access them from anywhere conveniently and without having to expose my home network. Still I get a constant torrent of malicious traffic, just bots trying to exploit known vulnerabilities (loads of them are clearly targeting WordPress, for example, even though I have never used WordPress). And it has been that way for years. I remember the first time I read my access logs I had a heart attack, but it's just the way it is.
replies(4): >>45947135 #>>45947452 #>>45947801 #>>45949802 #
timeinput ◴[16 Nov 25 18:15 UTC] No.45947135[source]
and it has been that way for a long time. Hosting a service on the internet means some one is *constantly* knocking at your door. It would be unimaginable if every few 10-1000s of milliseconds someone was trying a key in my front door, but that's just what it is with an open port on the internet.
replies(1): >>45947257 #
sshine ◴[16 Nov 25 18:31 UTC] No.45947257[source]
I recently provisioned a VPS for educational purposes. As part of teaching public/private network interfaces in Docker, and as a debug tool, I run netstat pretty easily on.

Minutes after coming into existence, I have half a dozen connections to sshd from Chinese IP addresses.

That teaches the use of SSH keys.

replies(2): >>45948165 #>>45948789 #
toyg ◴[16 Nov 25 20:34 UTC] No.45948165[source]
Just put sshd on a nonstandard port, and 95% of the traffic goes away. Vandals can't be bothered with port-scanning, probably because the risk of getting banned before the scan is even complete is too high.

But I agree that keys are not optional anymore.

replies(1): >>45974032 #
1. sshine ◴[19 Nov 25 00:07 UTC] No.45974032[source]
I do use non-standard ports and sshd on VPC/VPN interfaces. But for teaching purposes, you are dealt a hand and you have to learn to deal with it.