New Server, Who Dis? (Phishing attempts)

I recently got a new VPS box and, with the firewall switched on, worked on setting it up for a while. Then things were ready and I wanted to start testing email delivery and a few external things. The moment I opened up the firewall, I was inundated with a slew of probes, scans and all manner of phishing attempts.

It was all over the place: the SSH logs, email servers, web server and every open port. This is not new to me; I've been seeing it happen for years. But what was surprising here was that it was a brand new server, fresh IP, new domain, barely dipping its toes into the sea of traffic on the internet, and it was almost instantaneous. Like vultures were circling and waiting for the firewall to puncture slightly.

Initially, I even skipped setting up fail2ban, but the persistence of certain IPs changed my mind pretty quickly.

There is no doubt that these attacks won't ever stop; there seems to be some profit in them since they've increased over the years.

It's a jungle out there: keep your firewalls up and don't expect any grace period when publishing a new service. Also, check your logs regularly. I'm not a fan of rapid updates, as it's one of those things that still carries both a cost and a risk, but it still has to be done at regular intervals.

© 2023 Ahmad Khalifa. Built using Pelican