I had port 22/tcp traffic from outside to my router and to my main Linux machine. This means that I could ssh into my machine from outside. I’ve had it open for a while.
Just out of curiosity, I ran the following command.
sudo journalctl -f -e
-f option means “Show only the most recent journal entries, and continuously print new entries as they are appended to the journal.”
So with these options, I can continuously monitor what’s going on with the daemons. I saw a bunch of logs like the following.
Nov 18 21:00:38 linux-mint sshd: Failed password for root from 188.8.131.52 port 60182 ssh2
This looks totally suspicious. Who is trying to logon to my machine as root? You can see the IP address and I decided to check on it on abuseipdb.comSure enough this IP address was reported many times. With this kind of data, I immediately closed the port 22. It’s probably a zombie PC that keeps scanning IP addresses all over the world looking for open ports to attack. This is really annoying because I can’t open ports for ssh and/or RDP. I mean I can but it’s much more risky than using a solution like VPN.
If you have port 22 open to one of your machines, it’s pretty interesting to see how many machines from outside trying to get a root access to your machine. That’s why it’s very important to have a complex password even if it’s for your personal use.