Date Reported: Thursday, November 14, 2019
Status: Past Incident
Severity: Severe - Cyberterrorism
Primary Weapon: Hacking
Specific Location: Lianyungang Jiangsu
City/Local Area: Shanghai
State/Territory: China
Region: East Asia
Last night our server was slowed to a crawl by a SSH brute force attack originating from the IP address 49.88.112.77. To stop the attack we had to disable to FreeSSHDService in Windows Server 2016. The service is ultimately unnecessary on a Windows Server anyway and we never needed it before on any other servers that we have used. By disabling that it meant that nothing was listening on port 22 anymore, so there was nothing for these Chinamen to attack anymore.
Brute force SSH attacks are typically a problem for Linux servers but can be a problem for Windows Servers also if they have some sort of SSH feature running. The easiest way to stop SSH brute force attacks and prevent others is simply by not using SSH.
Learn More About SSH Attacks