
Over 90% of the ssh logins come from just a few China Telecom addresses. They just keep trying random ssh accounts over and over all day. I just geoblock China now. Maybe occasionally unblock it for a few minutes if the kids want to buy something from Shein. Then I honeypot the rest with the continuous ssh banner script.


What's a continuous ssh banner script?


It's a tarpit that slowly sends a message to bots to keep them (and their bandwidth, memory, and CPUs) occupied: https://github.com/skeeto/endlessh?tab=readme-ov-file
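
The tarpit idea from the comment above, written as an added Python example; it is not part of the thread and is not endlessh's own code. The port 2222, the 10-second delay and the client cap are assumed values.

```python
import asyncio
import random

DELAY = 10.0        # seconds between banner lines (assumed value)
MAX_CLIENTS = 4096  # assumed cap so the tarpit cannot exhaust its own host
clients = set()     # writers of connections currently being held

def junk_line() -> bytes:
    # RFC 4253 section 4.2 lets a server send extra lines before its version
    # string, provided they do not begin with "SSH-". Random hex never does,
    # so the client keeps waiting for a version string that never arrives.
    return b"%x\r\n" % random.getrandbits(32)

async def tarpit(reader, writer, delay=DELAY):
    """Hold one connection open, feeding it one short line per `delay`."""
    if len(clients) >= MAX_CLIENTS:
        writer.close()              # shed load instead of queueing
        return
    clients.add(writer)
    try:
        while True:
            writer.write(junk_line())
            await writer.drain()    # fails once the peer is gone
            await asyncio.sleep(delay)
    except (ConnectionError, TimeoutError):
        pass                        # client gave up; fall through to cleanup
    finally:
        clients.discard(writer)
        writer.close()

async def main(host="0.0.0.0", port=2222):
    # Port 2222 is an assumed value; tarpit and real sshd need different ports.
    server = await asyncio.start_server(tarpit, host, port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Each held connection costs the host one socket and a few bytes every `DELAY` seconds, which is why the cap matters more than the delay.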



