all comments

[]go1dfish -0 points

What was the actual vulnerability you experienced?

[] -0 points

So I think they got into my ssh. I should have set up fail2ban for that.

From there they were attempting ssh logins on other systems.

What is interesting it the report they sent my vps provider has the port numbers being tried and they aren't just 22, so the attacker was able to find the ssh ports on all these other sites. I guess maybe a simple ncat can do that.

It would be cool if ssh did nothing to reveal itself unless an authorized attempt was made. I know that's a problem with the server declaring what encryption protocols it supports but still.