Please take a look at https://www.wireguard.com/quickstart/
we now reduced the attack vector to only the things offered to the public
(https, smtp tls and imaps/s)

On Sun, Jun 21, 2020 at 3:58 PM Pete Biggs <pete at biggs.org.uk> wrote:

> On Sun, 2020-06-21 at 16:47 -0400, mailist wrote:
> > On 2020-06-21 15:33, Chuck Campbell wrote:
> > > I'm running Centos 7.8.2003, with firewalld.
> > >
> > > I was getting huge numbers of ssh attempts per day from a few specific
> > > ip blocks.
> >
> > If you can control the ssh clients, switch your port number to a
> > non-standard port. Pick one in /etc/services that does not seem to be
> > allocated. Then change "Port" in ssh_config and sshd_config; If other
> > clients are being used (like Putty), it is easy to change it there.
> >
> > We used to get at least 50 probes per day on port 22. Now we get zero.
> >
> I used this technique for a number of years - then it got leaked to the
> script kiddies the port that was used. We don't have anything
> particularly valuable that they were looking for (I don't think!), but
> there are lists of subnets & ports out there that the kiddies use so
> once one found it, the flood gates opened. SSH is now protected behind
> a VPN.
>
> It's a valid thing to do and makes things much saner, but don't assume
> it is a forever solution and don't use it as an excuse to reduce other
> protections you may have.
>
> P.

--
---------------------
Erick Perez
Quadrian Enterprises S.A. - Panama, Republica de Panama
Skype chat: eaperezh
WhatsApp IM: +507-6675-5083
---------------------