So I’m the server admin and web developer for my school’s robotics team. I look through the server’s access logs every once in a while just to check on things. I keep seeing requests that look like someone’s scanning for vulns. But I’m seeing something I’ve never seen before. It looks like someone is sending requests in machine code and I have no idea why or what it would do???

here’s the request:

"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x02\x00\x00\x00" 400 166 "-" "-"
  • thr0w4w4y2@sh.itjust.works

    They’re all attack attempts. Set up fail2ban, enforce SSH key-based authentication, run it on a non-standard port, and create firewall allow lists for trusted users, networks or countries if you can. Make sure everything is patched frequently.

    Expect consequences for running onion hidden services - captchas and denied service for that IP address, but also attacks against the hidden service itself.
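
Added example, not part of the original post or the reply: the bytes in the logged request are not machine code. They parse as a TPKT header followed by an X.224 Connection Request carrying an RDP Negotiation Request (per MS-RDPBCGR), which is what a Remote Desktop client sends first. The function names, `SAMPLE` and `PROTOCOLS` below are hypothetical, and the sample input is the log fragment from the post.

```python
import re

# Constructed sample: the access-log fragment quoted in the post above.
SAMPLE = (r'"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00'
          r'\x01\x00\x08\x00\x02\x00\x00\x00" 400 166 "-" "-"')

# requestedProtocols bits of an RDP Negotiation Request (MS-RDPBCGR).
PROTOCOLS = {0x1: "TLS", 0x2: "CredSSP (NLA)", 0x4: "RDSTLS", 0x8: "CredSSP-EX"}


def unescape_request(fragment):
    """Recover raw bytes from the quoted, \\xNN-escaped request field."""
    m = re.match(r'"((?:[^"\\]|\\.)*)"', fragment)
    if m is None:
        raise ValueError("no quoted request field")
    text = re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda h: chr(int(h.group(1), 16)), m.group(1))
    return text.encode("latin-1", errors="replace")


def classify(data):
    """Describe a TPKT/X.224 connection request, or return None."""
    if len(data) < 11 or data[0] != 0x03:          # TPKT version is always 3
        return None
    tpkt_len = int.from_bytes(data[2:4], "big")    # total length, big-endian
    if tpkt_len != len(data) or data[5] != 0xE0:   # 0xE0 = Connection Request
        return None
    info = {"tpkt_length": tpkt_len, "requested": []}
    neg = data[11:][-8:]   # negotiation request, if any, is the last 8 bytes
    if len(neg) == 8 and neg[0] == 0x01 and neg[2:4] == b"\x08\x00":
        flags = int.from_bytes(neg[4:8], "little")
        info["requested"] = [n for bit, n in PROTOCOLS.items() if flags & bit]
    return info


if __name__ == "__main__":
    raw = unescape_request(SAMPLE)
    print(raw.hex(" "))
    print(classify(raw))
```

The web server answered 400 because the payload is not HTTP; the same check can be run over every log line whose request field starts with `\x03\x00` to count how often this kind of probe reaches the HTTP port.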