Bot attacks - death to the bot

James S

Explorer
Joined
Apr 14, 2014
Messages
91
The problem with the Internet is that it tends to level the playing field.
This is exactly my point. By labelling an entire country in a negative way it is easy for stereotypes to take over. (See the assumptions in the post.)
I'm sure some of my perspective is naive. I'm not a security expert but a simple manager of a NAS keeping an eye on security.
Nonsense. If all your users are in a certain geographical area, and won't have any legitimate need to access your system from outside of that area, preemptively blocking IPs from outside that region is a legitimate strategy having nothing to do with politics, stereotypes, or racism (except in the idiotic sense in which "racism" is often used today in which literally everything is racist). You don't have to do it by any means, but that doesn't make it unsound.
See the above... "I assumed that because this is an English language . . . "
Sound like a stereotype to you? An assumption right?

I follow the rationale - that if all users are in a certain geography then constraining access outside that space makes sense. That IS a rationale (no users outside a geography). Assumptions that users in (China, India etc.) need to be blocked is NOT a rationale. My point here - which is a little nuanced -- that it reflects how easy it is to jump to various assumptions.

Ok - so I'm a British guy living and working in Taiwan. I get frustrated when websites (obviously different from the NAS scenario) get blocked because of my region.

A good discussion.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
I'm sure some of my perspective is naive. I'm not a security expert but a simple manager of a NAS keeping an eye on security.

Ok - so I'm a British guy living and working in Taiwan. I get frustrated when websites (obviously different from the NAS scenario) get blocked because of my region.

So that is indeed a different scenario. The website scenario is different because a website is typically intended to be a publicly accessible resource. Your SSH port is not. We could probably agree that if you were running a restaurant and posted a sign at the door saying "Blue skinned people not welcome", that is racist in the unfair sense you are objecting to. On the other hand, if you merely refused to let Andorians into your home's kitchen, that could be a much more nuanced and scoped choice, even if you posted that same exact sign.

At the end of the day, IT disasters often cost people and companies real money. Once you've had your system broken into due to SSH hacking, and suddenly had your server turned into a botnet C&C, and had your ISP shock-bill you for 10,000x the bandwidth you normally use, and had to have a discussion with the local FBI because your system was caught being a C&C node for a US governmental system that had been broken into, and your server was severely damaged due to hacking and you had to pay a contractor five figures to have it stripped down to the bones and rebuilt securely, and then your insurer notified you that future incidents would not be covered unless you took industry standard precautions to protect your SSH port, you might well decide that the "principled" anti-"racism" position that you're promoting is far too costly in the real world. This doesn't even begin to touch on factors such as PCI-DSS compliance, where if you want to be able to process credit cards, a significantly secured system is required and you may actually be audited by a professional security company and be refused the privilege of processing credit cards unless you are found to be compliant.
 

shanemikel

Dabbler
Joined
Feb 8, 2022
Messages
49
"I assumed that because this is an English language . . . "
Yes, that was just an example. Feel free to take or leave as much as you want, depending on what applies to you. I did check your logs and most of the auth attempts were from China in that small sample. It would probably be helpful to you, as a sysadmin, to cross reference origin IP against your complete logs. You may even find there are more attempts from USA or France. In that event, I hope you come back to sort me out ;-).

I have a difficult time imagining the scenario that I'd want a public, international SSH server. You apparently have a good reason that you're unwilling to share. I'm very curious now... If you're a Brit in Taiwan, I would suggest blocking everything outside of Taiwan and UK, or everything outside of Taiwan if you don't frequently travel to or have users in the UK.
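
Added example (not part of any post in this thread): one way to cross-reference failed SSH logins against source address and region before deciding on a geographic block. The log lines are constructed in OpenSSH's usual wording, and the `REGIONS` table is a hypothetical stand-in built from documentation address ranges; a real run would load a GeoIP or RIR allocation data set instead.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's usual auth-log wording (not from the thread).
SAMPLE_LOG = """\
Feb 10 03:11:02 nas sshd[4121]: Failed password for root from 203.0.113.7 port 51122 ssh2
Feb 10 03:11:05 nas sshd[4121]: Failed password for root from 203.0.113.7 port 51122 ssh2
Feb 10 03:12:40 nas sshd[4130]: Failed password for invalid user admin from 203.0.113.99 port 40022 ssh2
Feb 10 04:01:13 nas sshd[4188]: Invalid user oracle from 198.51.100.23 port 33810
Feb 10 04:01:15 nas sshd[4188]: Failed password for invalid user oracle from 198.51.100.23 port 33810 ssh2
Feb 10 08:30:00 nas sshd[4302]: Accepted publickey for james from 192.0.2.10 port 50000 ssh2
Feb 10 09:00:41 nas sshd[4410]: Failed password for backup from 2001:db8::5 port 2222 ssh2
"""

# Hypothetical prefix-to-region table (documentation ranges, placeholder labels).
REGIONS = {
    "192.0.2.0/24": "REGION-A",
    "198.51.100.0/24": "REGION-B",
    "203.0.113.0/24": "REGION-C",
}

# Matches both "for <user>" and "for invalid user <user>" failure lines.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def region_of(ip, table=REGIONS):
    """Return the region label for ip, or UNKNOWN if no prefix covers it."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    for prefix, region in table.items():
        if addr in ipaddress.ip_network(prefix):  # False when IP versions differ
            return region
    return "UNKNOWN"

def summarize(log_text):
    """Count failed password attempts per source IP and per region."""
    by_ip, by_region = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and other sshd messages are ignored
        try:
            region = region_of(m.group(2))
        except ValueError:  # address field is not a valid IP: skip the line
            continue
        by_ip[m.group(2)] += 1
        by_region[region] += 1
    return by_ip, by_region

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG)[1].most_common())
```

Addresses that land in `UNKNOWN` show how much of the log the region table fails to cover, which is worth checking before reading anything into the per-region totals.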
 

shanemikel

Dabbler
Joined
Feb 8, 2022
Messages
49
If you are providing some service to international clients and must leave the server completely open, I strongly suggest you look into implementing most of those measures in my post.

Even better than trying to secure an open terminal server: use a container or VM for each client. I can't give more specific advice without knowing the use case.
 

shanemikel

Dabbler
Joined
Feb 8, 2022
Messages
49
@James S dude... maybe there are downsides but being in Taiwan has to be great for cheap, cutting edge, grey-market hardware. You've gotta send me some Pmem lol.
 