takemine commented on I looked through attacks in my access logs   nishtahir.com/i-looked-th... · Posted by u/thunderbong
iboisvert · 2 years ago
As someone who knows very little about security, this is really interesting, thanks! A question though: how would one know if there has been a breach? These examples look relatively easy to detect, but I guess there would be more complex cases?
takemine · 2 years ago
You can use a honeypot that baits hackers. I am running a non-intrusive one where you put baits in your servers or laptop; when hackers see them, they'll try to use them.
takemine commented on I looked through attacks in my access logs   nishtahir.com/i-looked-th... · Posted by u/thunderbong
takemine · 2 years ago
Nice analysis! You should protect your infra to avoid this kind of scanning:

- Disable password login for SSH, use keys instead.

- Limit access to known IPs (with a managed VPN)

- Use Cloudflare: Their WAF is really good

- Forward logs to another service that can analyze logs (Datadog is nice)

Shameless plug: started a small honeypot service[1] if anyone would need it as a last resort[1] to catch hackers in your servers. Feedback appreciated!

[1] https://hackersbait.com

u/takemine

Karma: 54 · Cake day: January 8, 2024
About
running https://hackersbait.com