Lew Wolfgang wrote:
And of course botnets also scan for open ports, and not just the obvious ones. I just checked on my underused server with a direct and static connection, and over a 75-minute period I had 869 ports scanned, 637 of them were unique ephemeral high-numbered ports. Botnets don't care about laws, and if your IP is static for very long, your hidden ssh port could be exposed.
Yep, I can assure you they will be. Even if we use public key authentication, we still run ssh on a high port - on one server installed in 2015, there were no ssh attacks until 7 February 2021. Since 2907 login attempts. On another, also installed in 2015, attempts started 1 November 2020, since then 136680. -- Per Jessen, Zürich (12.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.