SirDice, I know how to use the blacklistd dump command; I would just like to know where that list is kept. It seems that it's inside the kernel, because I can't find it anywhere. SSHGuard has its in
/var/db/sshguard. According to the docs, the way FreeBSD blacklistd works has got to be the strongest of them all; however, here is a part of my list that shows where something went wrong: it missed. It makes me think that although SSHGuard works at a higher level, it doesn't miss. I also noticed that I have only been running blacklistd; I forgot to include SSHGuard but thought I had it running. Question: Is it possible to run both blacklistd and SSHGuard?
Code:
192.169.155.230/32:22 1/3 2018/03/21 20:47:57
92.222.119.202/32:22 1/3 2018/03/21 18:35:53
103.26.99.120/32:22 1/3 2018/03/21 17:49:03
14.23.77.154/32
211.72.203.250/32:22 1/3 2018/03/21 02:55:32
190.147.88.247/32:22 1/3 2018/03/21 22:45:08
178.22.48.137/32:22 1/3 2018/03/21 13:28:53
About something else: since those last few hits I posted above, I never got hit again … so I commented out this line the same day, and IIRC I still did not get hit, or if I did it was few and far between, like 36 hours for one. The reason I removed this rule is that I was asked why I would even want to open up the SSH port to the world. Even today, it's still commented out.
I'm guessing that this solved that problem? If so, that could be the reason why I didn't get any more hits. I should have written something down as a reminder; I did that for everything else.
Code:
# # # pass in quick on $_nic proto tcp from any to any port 22
Anyway, I figure I'll keep everything in place just in case I want to peep in on it in the future for some reason, such as rechecking those moves. THEN what I did was change the port number, and now I know for sure . . . me and my auth.log are so lonely. I get bored of seeing nothing every day. I forgot the reason for ordering the VPS in the first place.
So for contentment, until I get fired up again, I'm reading SSH(1) until I can recite it. Right now it's scary! Until I know why to tamper with or disable hosts.equiv, rhosts and the rlogin/rsh protocol, I'm going to stick with using a super strong password until I know how to divide things up and use keys at home and a password at the library. I see now SSH(1) is no play toy. You have to read it at least 15x to get it half right, and that is what I'm going to do.
So, to sum it all up, changing ports WON .. but blacklistd without the pass out rule seems to keep on working, or ssh just got shut down in the foreground or something. Maybe they are all working together, because I have TOTAL silence to date. Not even a port scan.
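Added example, not code from this thread or from FreeBSD's blacklistd: a small Python parser for `blacklistctl dump` output in the column layout shown in the post above (address/mask:port, nfail/threshold, date and time). blacklistd only acts on an address once its failure count reaches the configured threshold, so the "1/3" rows are addresses that failed once and were never blocked; the parser separates those from rows at or above threshold, and it also catches a row that stops after the address, like the bare "14.23.77.154/32" line in the post, instead of silently dropping it. The sample text is constructed to mirror the posted lines (the 203.0.113.9 row with a "3/3" count is made up to show a blocked entry); an optional id token between the port and the counter is tolerated as an assumption about other blacklistctl versions, and any header or other noise lands in `unparsed`.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List

# One row of `blacklistctl dump` in the layout posted above:
#   address/mask:port  nfail/threshold  YYYY/MM/DD HH:MM:SS
# The optional id token (no '/' allowed, so it can never swallow "1/3")
# is an assumption about other blacklistctl versions; the posted rows lack it.
_ROW = re.compile(
    r"^(?P<addr>\S+?)/(?P<mask>\d+):(?P<port>\d+)"
    r"(?:\s+(?P<id>[^\s/]+))?"
    r"\s+(?P<nfail>\d+)/(?P<threshold>\d+)"
    r"\s+(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s*$"
)

# A row that stops after the address (and maybe the port): "14.23.77.154/32"
_TRUNCATED = re.compile(r"\S+/\d+(:\d+)?")


@dataclass
class Entry:
    addr: str
    mask: int
    port: int
    nfail: int
    threshold: int
    last_access: datetime

    @property
    def blocked(self) -> bool:
        # blacklistd installs the block once nfail reaches the threshold.
        return self.nfail >= self.threshold


@dataclass
class DumpReport:
    entries: List[Entry]     # fully parsed rows
    incomplete: List[str]    # rows with only an address, like the post's 14.23.77.154/32
    unparsed: List[str]      # header lines or anything else we do not recognise


def parse_dump(text: str) -> DumpReport:
    """Parse blacklistctl dump output, keeping malformed rows visible."""
    entries, incomplete, unparsed = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _ROW.match(line)
        if m:
            entries.append(Entry(
                addr=m["addr"], mask=int(m["mask"]), port=int(m["port"]),
                nfail=int(m["nfail"]), threshold=int(m["threshold"]),
                last_access=datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
            ))
        elif _TRUNCATED.fullmatch(line):
            incomplete.append(line)
        else:
            unparsed.append(line)
    return DumpReport(entries, incomplete, unparsed)


def blocked_addresses(report: DumpReport) -> List[str]:
    """Addresses whose failure count reached the threshold (blacklistd acted)."""
    return sorted(f"{e.addr}/{e.mask}" for e in report.entries if e.blocked)


def never_escalated(report: DumpReport) -> List[str]:
    """Addresses seen exactly once: the "1/3" rows a count-based blocker never acts on."""
    return [f"{e.addr}/{e.mask}" for e in report.entries if e.nfail == 1]


# Constructed sample in the posted layout; the 203.0.113.9 row is invented
# to show a blocked entry, and the bare row mirrors the post's truncated line.
SAMPLE_DUMP = """\
192.169.155.230/32:22 1/3 2018/03/21 20:47:57
92.222.119.202/32:22 1/3 2018/03/21 18:35:53
14.23.77.154/32
203.0.113.9/32:22 3/3 2018/03/21 11:02:10
"""

if __name__ == "__main__":
    report = parse_dump(SAMPLE_DUMP)
    print("blocked:   ", blocked_addresses(report))
    print("seen once: ", never_escalated(report))
    print("incomplete:", report.incomplete)
    print("unparsed:  ", report.unparsed)
```

Run it against `blacklistctl dump -a` output piped into `parse_dump`; an address that keeps showing up in auth.log but stays at "1/3" here, or lands in `incomplete`, is the kind of miss the post is asking about, and that is where a second tool such as SSHGuard would be expected to fill the gap.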
Here is a non-exhaustive list of blacklisted IP addresses by bruteforceblocker.
Lamia, I ended up with more than half of that list. It's not as large as I thought. No offence, but I heard about all of those oriental countries trying to hack the world, but Vietnam? That takes the cake. Maybe we are doing the same to them, but how am I supposed to know? Or maybe not, because no one can ... Ahaa, they've got the Great Firewall.