On Sat, Oct 08, 2022 at 07:51:48AM +0530, Mayuresh wrote:
> On Fri, Oct 07, 2022 at 02:14:09PM -0000, Michael van Elst wrote:
> > Someone is brute-forcing your account passwords.
>
> Thanks. I think blacklistd is protecting me.
>
> But doesn't this qualify as a DDOS attack? The VPS provider (Hetzner)
> claims to provide DDOS protection. Shouldn't it have triggered in this
> scenario?

No idea what kind of protection Hetzner is offering. But such attacks
rarely qualify as DDOS, it's usually a single bot that does rapid login
attempts. Sometimes you have several concurrent independent attacks.

If you have a slow machine, blacklistd might not be sufficient. The
login attempt times out before sshd can check the password and trigger
the blacklist entry.

Greetings,
--
Michael van Elst
Internet: [email protected]
"A potential Snark may lurk in every tree."
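
An added example, not part of the original message: a log triage sketch that counts failed logins and pre-authentication timeouts per source address, to show whether the traffic is one bot or several and which sources only ever time out (the case the reply says may never produce a blacklist entry). The log lines are constructed in the usual OpenSSH sshd message style; the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd log style; addresses are documentation ranges.
SAMPLE_LOG = """\
Oct  7 14:10:01 vps sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Oct  7 14:10:02 vps sshd[813]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Oct  7 14:10:03 vps sshd[815]: Failed password for root from 203.0.113.5 port 40131 ssh2
Oct  7 14:10:09 vps sshd[820]: Failed password for invalid user test from 198.51.100.7 port 51500 ssh2
Oct  7 14:12:01 vps sshd[830]: fatal: Timeout before authentication for 192.0.2.44 port 33000
Oct  7 14:12:31 vps sshd[831]: fatal: Timeout before authentication for 192.0.2.44 port 33010
Oct  7 14:13:01 vps sshd[832]: fatal: Timeout before authentication for 192.0.2.44 port 33020
Oct  7 14:13:05 vps sshd[840]: Accepted publickey for alice from 198.51.100.20 port 60000 ssh2
"""

# Greedy ".*" plus the end anchor pick the last "from ADDR port N", so a
# crafted username containing " from ..." cannot spoof the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for .* from (\S+) port \d+ ssh2\s*$")
TIMEOUT = re.compile(
    r"sshd\[\d+\]: fatal: Timeout before authentication for (\S+) port \d+\s*$")


def summarize(log_text):
    """Count failed logins and pre-auth timeouts per source address."""
    stats = defaultdict(lambda: {"failed": 0, "timeout": 0})
    for line in log_text.splitlines():
        for kind, pattern in (("failed", FAILED), ("timeout", TIMEOUT)):
            m = pattern.search(line)
            if m:
                stats[m.group(1)][kind] += 1
    return dict(stats)


def classify(stats, threshold=3):
    """Return noisy sources and those seen only as pre-auth timeouts."""
    noisy = sorted(ip for ip, c in stats.items()
                   if c["failed"] + c["timeout"] >= threshold)
    # Timeout-only sources never reached the password check, which is the
    # case the reply says can slip past blacklistd on a slow machine.
    timeout_only = [ip for ip in noisy if stats[ip]["failed"] == 0]
    return {"noisy": noisy, "timeout_only": timeout_only}


if __name__ == "__main__":
    report = classify(summarize(SAMPLE_LOG))
    print("sources over threshold:", report["noisy"])
    print("timeout-only sources:", report["timeout_only"])
```
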