alt Hacker NewsConfuse some SSH bots and make botters block you
Comments
Lol, I want to know what happened here:
Eventually I blocked Brazil since I always
block them via accept-language in nginx and haproxy anyway.
For reasons I will never understand most people in Brazil
can not and/or will not read or follow even the
simplest instructions. This has been the case since BR was
connected to the internet.
We don't leave any ports open anymore. Everything is behind Wireguard. No key? Your packet goes into the blackhole.
Silent by default.
I love this, I remember running a tarpit on port 22 on a spare VM at an old job of mine. Was entertaining to tie up all those scanners and be a pest to their runners.
The extremely large banner in this example is hilarious.
I like this, back when the xterm CVE was common you could probably 0wn any botter who was looking at their logs in xterm.
Not sure if it's down or if I've been flagged incorrectly as a bot
Safari can't open the page "https://mirror.newsdump.org/confuse-some-ssh-bots.html" because Safari can't connect to the server "mirror.newsdump.org".Interesting bit here. How would this render the firewall useless?
# greater than 1 is a vulnerability by design used by TLA phishers rendering every firewall useless.
# beware of fakademic mid-wits that parrot things they do not understand.
MaxSessions 1> The VersionAddendum will cause most poorly coded bots to hang, thus causing the botter to exclude us from their scans rather than us having to block them.
Why does this happen, wouldn't bots just ignore the version information?
Feel free to test your SSH bots and HTTP bots against mirror.newsdump.org
I guess I trigger the bot detection? All I am served with is a Rick Astley quote.
Turns out switching from Firefox mobile to Chrome mobile "fixes" this. Thanks for supporting the free and open internet.