• Ziggurat
    link
    fedilink
    English
    arrow-up
    49
    arrow-down
    1
    ·
    1 year ago

    Most likely : Someone script kiddie tried to attack-it, and some user had a week password. There is tons of bot farm attacking any device connected to the internet all the time, as indiviual, we usually have a firewall/router between our PC and internet (so the whole family gets wifi), and keep all the “remote access services” off. But a telescope is typically the kind of infrastructure where “remote access” is necessary meaning that you’re a target for attacker

    • ImplyingImplications@lemmy.ca
      link
      fedilink
      arrow-up
      43
      arrow-down
      1
      ·
      edit-2
      1 year ago

      There is tons of bot farm attacking any device connected to the internet all the time

      A neat experiment is to configure an SSH server that has no users. It’ll allow connections but it isn’t possible to actually login. It’ll also have a log where you can view login attempts. Within a few days of going online, your logs should be filled will tens of thousands of login attempts from IP addresses from around the world.

        • wildbus8979
          link
          fedilink
          arrow-up
          10
          ·
          1 year ago

          You should see what gets sent to web servers. All sorts of exploit strings ranging from IIS to WordPress.

      • sylver_dragon@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        1 year ago

        Yup, in the last 24 hours, my little home server had 244 failed ssh logins and a bunch of web application attacks. If it’s on the internet, it’s under attack constantly. Fall behind on your patching, and you’re going to get popped.

      • Moghul@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        Yup. Our company gets this all the time, in addition to some impromptu basic pentesting.