To prove I temporarily control the IP in question, one can SFTP as mirror@104.200.16.195 on port 22 with no password, and there is a __README__.txt. Feel free to brute force or crash sshd.
If you have scripts that work fine, I would love it if you SFTP them to me. If your scripts get stuck, I will show my work being done to slow bots via SFTP, beyond what OpenSSH 10 is already doing to deprecate fail2ban.
The goal is to bend the default applications and OS in a way most should be able to without installing anything.
flamesofphx•1h ago
1. Make all ports not respond (stealth in the firewall), unless they are public like http.
2. Change the SSH port # (over 8192 also).
3. Set up a port-knocking watchdog so they have to knock first in a specific order on three ports before being allowed to connect to the real port.
4. Set up fail2ban, including: if someone pings the knocking ports (in the incorrect order) or the real ssh port (without knocking first), then after a couple of times, add their IP to the fail2ban list for 48 hours.
You get rid of 99.98% of the lookers instantly by just doing step 2...
This assumes you have control over the server; there are several scripts online that help you provision something like that with ansible. (Most of them are helpers related to configuring fail2ban.)
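The knock-then-ban logic of steps 3 and 4 above, as an added example (not flamesofphx's or anyone's provisioning script): a tracker fed constructed netfilter-style log lines that records which sources completed the knock sequence and which get a 48-hour ban after repeated wrong-order knocks or un-knocked hits on the relocated SSH port. The knock ports 7000/8000/9000, the SSH port 22022, and the log format are assumptions.

```python
"""Port-knock state tracker over constructed firewall log lines (added example)."""
import re
from collections import defaultdict

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed knock ports, in the required order
REAL_SSH_PORT = 22022                # assumed relocated sshd port (step 2)
MAX_FAILURES = 2                     # "after a couple of times"
BAN_SECONDS = 48 * 3600              # 48-hour ban, as in step 4

# Assumed log shape: netfilter-style "SRC=<ip> ... DPT=<port>" fields.
LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*DPT=(?P<dpt>\d+)")


class KnockTracker:
    def __init__(self):
        self.progress = defaultdict(int)  # src -> knocks completed in order
        self.failures = defaultdict(int)  # src -> wrong-order / un-knocked hits
        self.allowed = set()              # sources that finished the sequence
        self.banned = {}                  # src -> ban length in seconds

    def _fail(self, src):
        self.progress[src] = 0            # any mistake restarts the sequence
        self.failures[src] += 1
        if self.failures[src] >= MAX_FAILURES:
            self.banned[src] = BAN_SECONDS

    def observe(self, line):
        m = LOG_RE.search(line)
        if not m:
            return
        src, dpt = m.group("src"), int(m.group("dpt"))
        if src in self.banned:
            return                        # firewall already drops this source
        if dpt == REAL_SSH_PORT:
            if src not in self.allowed:   # hit the real port without knocking
                self._fail(src)
            return
        if dpt in KNOCK_SEQUENCE:
            if dpt == KNOCK_SEQUENCE[self.progress[src]]:
                self.progress[src] += 1
                if self.progress[src] == len(KNOCK_SEQUENCE):
                    self.allowed.add(src)
                    self.progress[src] = 0
            else:
                self._fail(src)           # right port, wrong position


# Constructed sample: one correct knocker, one bot hitting ports out of order.
SAMPLE_LOG = [
    "SRC=203.0.113.10 DST=192.0.2.1 DPT=7000",
    "SRC=203.0.113.10 DST=192.0.2.1 DPT=8000",
    "SRC=203.0.113.10 DST=192.0.2.1 DPT=9000",
    "SRC=203.0.113.10 DST=192.0.2.1 DPT=22022",  # knocked, so allowed
    "SRC=198.51.100.7 DST=192.0.2.1 DPT=22022",  # no knock: failure 1
    "SRC=198.51.100.7 DST=192.0.2.1 DPT=9000",   # wrong order: failure 2 -> ban
    "SRC=198.51.100.7 DST=192.0.2.1 DPT=7000",   # ignored, already banned
]


def run(lines):
    tracker = KnockTracker()
    for line in lines:
        tracker.observe(line)
    return tracker
```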
Bender•1h ago
This is an attempt to see what fun I can have with the bots on public SFTP servers. I am also curious if I can crap up their logs a bit, depending on what they log. It's also fun to get them stuck using OpenSSH rather than depending on netfilter's tarpit, which AFAIK is not available via nftables.
This poor bot, for example, is stuck in a loop and can't even try to authenticate because of something I put in the sshd_config, a copy of which is available on the SFTP server. Legit SSH clients can attempt to authenticate, however.