Last Updated: January 06, 2019
· citruspi

Small Does Not Mean Safe

Let me begin by saying that I never thought I would ever be writing something like this, and definitely not as my first post.

I rent a Linode 521 VPS (♥) which I use to host some static sites and use as my programming playground. Because I only host a few one page sites, I never really thought of my server as a target. So, I never really took the time to look at my server logs and see what was going on while I'm away.

On December 31st, 2012, I read a post by Pete Keen, How I Run My Own DNS Servers. He mentioned using a hosted log management service, Paper Trail (referral link). He talked about the insight that he gained by using the service, and how he noticed that

I get hit a lot by Chinese and India SSH breakin attempts

I was curious to see if I was also the target of attempted SSH break ins. So, I set up Paper Trail (it took 10 seconds, if even) and waited. I didn't have to wait long - not even an hour.

Side Note: That same day, I set up logging with Paper Trail on my Raspberry Pi and Macbook too. I love it.

Honestly, I expected nothing. What I saw was definitely not nothing. In the past 72 hours, I have been hit by ~1000 attempted break ins via SSH by IP's from countries including:

  • Hungary
  • Iran
  • China
  • France
  • South Africa

Image of my logs

Sure, to some people, 1000 may be the number of attempts they get every hour, but to me, that number in less than 72 hours is astounding.

The majority of the addresses originated from China, and the attacks from Hungary came from a Computer Science lab in a University (?). None were successful.

My point is that even if your website has zero visitors per month, it doesn't mean that you're not a target. Even small (and minute) websites have to be secure.