On 26/02/2019 18:02, Zorro via arch-general wrote:
On 2/26/19 1:40 PM, Juha Kankare via arch-general wrote:
I'm getting a lot of connections from China it seems. Whenever I check my journalctl, it's an andless wall of nginx complaints about a single ip spamming requests fro different php files. This happens with hundreds of ip's, and tens of times daily. Has anyone else been hit by this. I already made a shellscript to block all connections from China, but I'm curious as to why this happens, and if anyone else has had the same problem.
I see this happen on my SSH server.
The journal is full of these failed login attempts. Haven't checked from where those login atttempts come from though.
It makes it hard to find something in the journal.
Regards, Harm-Jan Zwinderman
If you want a fix, check out https://bbs.archlinux.org/viewtopic.php?pid=1833825#p1833825 and/or fail2ban