
+++
date = 2017-12-13T16:00:00+08:00
draft = false
tags = ["iptable"]
title = "Stupid Script Kid"
summary = """
You stupid script kids are too young, too simple, sometimes naive!
"""
authors = ["xry111"]
+++

Who is the stupid script kid?

Hello 42.7.26.49. Why do you keep scanning my SSH port with weak passwords? Well, I have a root password of length 16 containing letters, digits and punctuation, so I just let you try. If you are lucky enough, I can ask you to help me choose a lottery number!

But you are too young, too simple and sometimes naive! I was surprised that you kept scanning for 12 hours. It's totally harmless, but it is spamming my system journal. Now I can't stand you anymore.

How to stop the scanning?

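`iptables -A INPUT -s 42.7.26.49 -j DROP`

The rule is appended to the end of the INPUT chain, so it only takes effect if no earlier rule has already accepted the packet, and it is lost on reboot unless the ruleset is saved.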

Words to the young script kid

{{% alert note %}} Since the kid is from Liaoning, I'll provide a Chinese version for him. {{% /alert %}}

I feel that you script kids still need to learn a lot. You know well about brute force attacking, but you're still too young. Do you understand? I am experienced and have seen a lot! Fpcsong from the School of Cyber Engineering is much higher than you and you can't even see him! I make easy conversation with him. So you kids still need to improve your knowledge level, understand or not?

我感觉你们这些脚本孩子还要学习一个。你们非常熟悉暴力的这一套攻击, 你们毕竟还 too young ,民白这意思吧。我是身经百战了,见得多了! 网安院的 fpcsong,那比你们高到不知哪里去了, 我跟他谈笑风生。所以你们还是要提高自己的姿势水平,识得唔识得啊?

You kids have an advantage: your speed is the fastest among all western crackers. But your attacking approaches are all too simple, sometimes naive! I'm sorry. I am talking to you as an ACMer. I am not a cracker but I've seen enough! Hacking must obey the Basic Law like other activities. You guys are naive! I can tell you I am angry. What you are doing is useless.

你们有一个好,全世界跑到什么地方,你们比其它的那些西方攻击者跑得还快。 但是用来用去的方法啊,都 too simple, sometimes naive! 我很抱歉, 我今天是作为一个 ACMer 和你们讲。我不搞网络安全,但是我见得太多了。 在网上搞事情还是要按照基本法! 你们啊, naive ! I am angry 我和你讲,你们这样子是不行的。

Use Fail2Ban to stop the kids automatically

Fail2Ban parses `/var/log/auth.log` to find the IPs that keep trying to log in via SSH and uses iptables to ban them automatically.

Run `sudo apt install fail2ban`, `systemctl enable fail2ban` and `systemctl start fail2ban`. The default configuration can ban brute-force attacks on SSH.

If you still think the kids are too noisy, modify `/etc/fail2ban/jail.conf` and set `bantime = 233333` to ban them for a longer time. But I suggest you set up `.ssh/authorized_keys` first so you won't ban yourself. Package upgrades can overwrite `jail.conf`, so the same setting placed under `[DEFAULT]` in `/etc/fail2ban/jail.local` is the safer home for it.
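
What Fail2Ban's SSH jail does with the log, reduced to its core as an added Python example (not Fail2Ban's code and not part of the original post): it counts failed password attempts per source address in a sliding window and emits the post's `iptables` rule for offenders. The sample log lines, the `MAXRETRY` and `FINDTIME` values, the year and all function names are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5                      # failures tolerated inside the window (assumed value)
FINDTIME = timedelta(minutes=10)  # sliding window length (assumed value)

# Constructed sample in sshd's auth.log format; 192.0.2.x are documentation addresses.
SAMPLE_LOG = "\n".join(
    [f"Dec 13 03:10:{s:02d} host sshd[811]: Failed password for root from 42.7.26.49 port 50122 ssh2"
     for s in range(0, 12, 2)]
    + ["Dec 13 03:11:00 host sshd[812]: Failed password for invalid user a from 192.0.2.7 from 42.7.26.49 port 50123 ssh2",
       "Dec 13 03:12:00 host sshd[813]: Failed password for xry111 from 192.0.2.10 port 40000 ssh2",
       "Dec 13 03:12:09 host sshd[813]: Accepted publickey for xry111 from 192.0.2.10 port 40000 ssh2"])

# The user name is attacker-controlled text. The greedy ".*" plus the "$" anchor
# make the LAST " from <addr> port" win, so a name such as "a from 192.0.2.7"
# cannot get an innocent address counted (and banned) in place of the real source.
FAILED = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+(?: ssh2)?$")

def offenders(log_text, year=2017):
    """Return addresses with at least MAXRETRY failures inside any FINDTIME window."""
    recent = defaultdict(deque)   # address -> timestamps of its recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            addr = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue              # hostname or junk where an address should be
        # syslog timestamps carry no year, so one is supplied (assumption)
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[addr]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()      # forget failures older than the window
        if len(window) >= MAXRETRY and addr not in banned:
            banned.append(addr)
    return banned

def ban_commands(addresses):
    """Render the post's manual rule for each offending address."""
    return [f"iptables -A INPUT -s {a} -j DROP" for a in addresses]

if __name__ == "__main__":
    print("\n".join(ban_commands(offenders(SAMPLE_LOG))))
```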