Tomáš Pospíšek's Notizblock
ibus was installed by default on my Debian bullseye laptop.
live-task-localisation depends on it and I'm guessing that
live-task-localisation was installed because I installed
from an USB Stick.
I'm using Xfce as a desktop,
konsole as a terminal and
KeePassXC to manage passwords.
Even while doing nothing
ibus is infrequently using CPU
and of course memory. Do I need
ibus? I don't know, but
I don't think so. I do not need to enter chinese or other
characters that are "exotic" to me.
So I deinstalled
aptitude while running the
aptitude deinstalled the following packages
ibus-m17n ibus dconf-cli python3-ibus-1.0 gir1.2-ibus-1.0 ibus-data ibus-gtk ibus-gtk3 im-config libibus-1.0-5 libm17n-0 libotf0 m17n-db
Then I killed all
ibus* daemons running on my system by
systemctl --user stop ... or
kill -HUP ....
KeePassXC would not receive
any keyboard inputs any more. It seems as if those programs
(probably along with other programs that I wasn't running
at the time), dynamically detect the presence of
and use it as keyboard input if available.
KeePassXC fixed the second problem
and starting a new
konsole fixed the other.
However, be aware that when killing ibus while running
konsole you might risk loosing the work you are
currently doing in it (or in any other X11 console or
possibly in other programs). So it's better so save
your work before killing
ibus. Because I had some
open work in console I did the copy/paste trick to
save open files in
vim and terminate other sessions.
Mind you that it might be tricky to copy/paste "special"
characters that you need, such as
Tomáš Pospíšek, 2021-08-01
The default settings of fail2ban are to ban an IP if it incorrectly authenticates 5 times within 10 minutes.
We are seeing one bruteforcing attempt every 3 minutes. The IPs where the attempts are coming from are wideely distributed over the address space. However we do block IPs that try sustainedly.
Watching the log it feels like there is at least one actor that has access to a very large number of IPs that is continually bruteforcing us, that is aware of fail2ban's default settings and is scanning with a frequency that makes sure that he's flaying under the radar of fail2ban's default settings (5 attempts per 10min).
It's also interesting to see what happens when you report an IP:
- first you find out with whois who the IP belongs to
- get the abuse contact from there
- and write an email, reporting the IP
From: Tomas Pospisek To: abuse@... Subject: 192.168.0.1 bruteforcing SMTP auth Hello, the IP mentioned in the email subject has been bruteforcing SMTP auth on our server. I have blacklisted it. 2020-02-21 00:29:53 SMTP protocol error in "AUTH LOGIN" H=(UF2RIBjOt) [192.168.0.1] AUTH command used when not advertised [...etc...] Please let me know when you have stopped that IP from bruteforcing us so that I can remove it from the blacklist again. Thanks, *t
Good citizens of the internet
|greenserver.io||AS9009||188.8.131.52/24||2021-07-02||terminated VPS and customer within a day|
Bad citizens of the internet
|ovh.ca||AS16276||184.108.40.206/29||2021-07-02||reply with arbitrary blueprint mail asking you to jump through some arbitrary process|
|quadranet.com||AS8100||220.127.116.11/18||2021-07-02||reply with blueprint mail but no reply if action was taken|
|chinanet.cn.net||AS4134||18.104.22.168/18||2021-07-02||no reply, spam contact email@example.com bounces/is full|
|Viet Speet Ltd||AS135905||22.214.171.124/23||2021-07-09||no reply|
|microsoft.com||AS8075||126.96.36.199/16||2021-07-09||reply with blueprint mail asking you to jump through some arbitrary process|
Tomáš Pospíšek, 2021-07-17