Looks like i was quite lucky. At the moment, i was looking at the server notifications and fail2ban started screaming.
Almost 30 different IP addresses were blocked for ssh attack. And the locations are all around the world.
It was a server exposed online via some subdomain. Some ports were open, including 22. Is this something to be expected always?
What do the guy expect?
Does it make sense to report this to DigitalOcean as several of those IPs belong to DO?
โ
https://preview.redd.it/a8hlok99q71c1.png?width=795&format=png&auto=webp&s=4a95b1732afc3c295e0d9ac46e0f3b96ff1be7d6
https://preview.redd.it/dmqscgxcq71c1.png?width=1041&format=png&auto=webp&s=48b6dc14eb8d267510437085717f58fbc880a972
118.45.151.148 125.91.123.149 43.134.180.30 128.199.208.187 43.133.33.240 43.163.218.44 43.156.238.11 129.226.91.96 43.156.240.201 43.134.33.175 43.153.226.222 43.134.231.46 43.154.189.227 159.223.74.41 156.232.11.117 156.232.13.213 43.134.132.76 43.153.202.243 43.134.230.140 43.156.101.180 64.227.176.121 43.159.40.202 124.156.2.182 146.190.142.125 139.59.160.73 49.51.183.1 68.168.132.152 94.72.4.20 103.180.149.5
