The server that hosts the page you are reading now is under attack, and somehow, almost all break-in attempt originate in China. Thanks China!
Last night alone there have been fifteen attempt to log in. With no success. Oh, by the way, this is not abnormal. If you have broadband and normal home computers, this happens to you as well but you probably don’t realise it.
I like using my own web server. From home. Using my broadband connection. Most people think of a web server as a huge computer in a temperature-controlled room full of servers and lots of blinky lights. My server fits in the palm of my hand, lies in the corner where my providers’ router is and has no blinky lights. And it hosts this website, a couple of automated twitter systems, some more websites, and a load of databases.
All in all not really interesting to be hacked by anyone. After all, why bother with this server when there are servers of banks, other large companies or governments around?
Organisations or people are interested in my server because once they have full access to it, my server can be used as part of their ‘botnets’. A botnet is a giant set of computers, spread all over the world. Botnets are used to unleash massive, coordinated attacks on other computers (DDOS attacks) to completely black a website, botnets are used to spread spam and a lot of other things no one in their right set of mind would like to be part of.
How do these attacks work? Computers (perhaps computers part of a botnet) run a program that automatically tries to log in into other computers. These computers use longs lists of commonly used passwords, these lists contain billions of passwords and the software is smart enough to also try replacing L3TT3R5 with NUM83R5, and adding numbers from 1900 to 9999 to passwords. Of course all common first names, pet names and geographical names are also in these lists. The software automatically tries every password in the list until they have access. And because it is automated, it is really fast.
Enter fail2ban. Fail2ban is free software that can run on linux servers. It blocks a computer from accessing your server for as long as you like (mine is set to a couple of hours) if a wrong password is entered twice in a row. This slows down the whole process of automated breaking in to such a degree that it would take 550 million years to get into my server. Oh, and I have a really good password of course!