digital.forest Technical Support
Increase in SSH attack traffic

The Internet as a whole has seen a large spike in SSH "brute force" attack traffic in the last several days, and we've seen it here at digital.forest as well. This is an automated attack in which logins are attempted repeatedly via SSH using a list of usernames and passwords. It is the network equivalent of a burglar walking through an apartment building turning doorknobs or, more accurately, trying a big ring of random keys, looking for apartments they can get into.

This sort of thing goes on all the time, which is why we always recommend locking down your servers here to the minimum number of user accounts accessible via SSH and having very strong passwords on those accounts.

What is different about this latest wave is the intensity and scale of the attacks. They are far larger and far more persistent than most previous ones. Some servers are being overwhelmed with attack traffic, to the point that they become very slow or even unresponsive to normal traffic.

If you haven't already, take some precautions and lock down your servers. Limit SSH to specific external addresses, limit the accounts accessible via a direct SSH login, and make sure your passwords are strong. As always, make sure your systems are up to date with their security patches and updates.
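
To see how much of this traffic a server is receiving, and whether any of it succeeded, the sshd log can be summarised per source address. The script below is an added example, not digital.forest's own tooling. It assumes OpenSSH's standard "Failed password" / "Accepted password" syslog messages, and the sample lines and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Apr  8 08:01:11 web1 sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Apr  8 08:01:13 web1 sshd[4103]: Failed password for invalid user test from 203.0.113.5 port 40118 ssh2
Apr  8 08:01:15 web1 sshd[4105]: Failed password for root from 203.0.113.5 port 40125 ssh2
Apr  8 08:01:17 web1 sshd[4107]: Failed password for invalid user oracle from 203.0.113.5 port 40131 ssh2
Apr  8 08:01:19 web1 sshd[4109]: Accepted password for root from 203.0.113.5 port 40140 ssh2
Apr  8 08:02:40 web1 sshd[4120]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Apr  8 08:02:52 web1 sshd[4122]: Accepted password for alice from 198.51.100.7 port 51520 ssh2
"""

# The username is chosen by the client, so the greedy user group plus the
# end-of-line anchor make the LAST "from <addr> port <n>" the source address.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>.+) from (?P<src>\S+) port \d+(?: ssh2)?\s*$"
)

def summarize(log_text):
    """Per source: failure count, usernames tried, logins accepted after failures."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "accepted_after_failures": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        entry = stats[m["src"]]
        if m["result"] == "Failed":
            entry["failures"] += 1
            entry["users"].add(m["user"])
        elif entry["failures"]:
            entry["accepted_after_failures"].append(m["user"])
    return dict(stats)

def suspects(stats, min_failures=3, min_users=2):
    """Sources that failed repeatedly across several account names (assumed thresholds)."""
    return sorted(src for src, s in stats.items()
                  if s["failures"] >= min_failures and len(s["users"]) >= min_users)

def possible_compromises(stats, min_failures=3, min_users=2):
    """(source, user) pairs where a suspect source eventually logged in."""
    return [(src, user) for src in suspects(stats, min_failures, min_users)
            for user in stats[src]["accepted_after_failures"]]

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    print("suspects:", suspects(stats), "review:", possible_compromises(stats))
```

Any pair reported by `possible_compromises` is an account whose password should be changed and whose session history should be reviewed.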


posted by Chuck G. at 08:36 AM on Wednesday, April 8, 2009
Categories: Network