Question
I have been seeing persistent SSH connection attempts on my computer from a familiar IP address. I got curious and decided to do some Googling on the IP address. Turns out that someone from Indonesia is publicly sharing a whole list of IP addresses of servers, some from Digital Ocean, with their SSH passwords. I am not sure whether these servers belong to that person, whether these are admin passwords and what is the purpose of the person sharing it publicly. But it does look shady since I am getting SSH login attempts from one of those IPs. Are these SSH passwords of hacked servers? Why is the person sharing it? What can be done about it?
Explanation / Answer
I'm seeing the posted link and it seems to be an Indonesian Facebook page, where the group writes IPs and credentials of different servers. I think these servers don't belong to the group, but the group itself discovers them by sharing their credentials. I don't know what they do with them, but then the servers are most likely hacked for some purpose. Similar attacks are performed by brute forcing an SSH connection through a specific tool (Hydra, Medusa, ...), as you are seeing on your computer. So, it is very important to have a strong SSH password (alphanumerics>=10), to define a specific user for the SSH connection, and to disable the root/admin account for SSH logins.
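One way to check a server against the settings the answer recommends (root login disabled, logins limited to a specific user), as an added example that is not part of the original answer. The sample config and the function names `parse_global` and `audit` are made up for illustration, and `Include` files are not followed.

```python
# Added example: audits a constructed sshd_config, not the poster's real file.
SAMPLE_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# sshd keeps the first value it reads, so this later line has no effect:
permitrootlogin no
Match User backup
    AllowUsers backup
"""

# Documented OpenSSH defaults, used when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}


def parse_global(text):
    """Return global settings; keywords are case-insensitive, first value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # everything after Match is conditional, not global
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def audit(text):
    """Return findings for the settings the answer recommends."""
    cfg = {**DEFAULTS, **parse_global(text)}
    findings = []
    if cfg["permitrootlogin"].lower() != "no":
        findings.append("root login over SSH is not disabled (PermitRootLogin %s)"
                        % cfg["permitrootlogin"])
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: every account may attempt to log in")
    if cfg["passwordauthentication"].lower() == "yes":
        findings.append("password logins enabled: exposed to password guessing")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

On a real host, pass the contents of the server's own `sshd_config` to `audit` instead of the sample string.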