Week 1 – Hosting + Firewall Log

Setting up the virtual host using Digital Ocean was pretty easy and straightforward. I didn’t start running into issues until I got to running things on the command line of Terminal. The first problem was that I didn’t receive the email that would have said the IP address, username, and password of my droplet, so when I had to enter the password in Terminal, at first I wasn’t sure what to do. I attempted to use the password I created when I made the droplet, but that didn’t work. I asked one of my classmates if she had run into the same issue as well, and she said she did and used the password she made with her droplet. So I went back to try it again, and then it didn’t prompt me for a password (I think maybe it took the password when I typed it the first time) and it let me through and connected successfully and showed the text “The authenticity of host …”.

I continued through the steps of logging into it and adding a user. I ran into a couple more bumps in the road when setting up the firewall and installing ufw. Most of it was just navigating through the terminal – when needing to copy and paste the rules for iptables – but eventually I got through it and was able to finish and log out.

Following the video about firewall log searching, I have been trying to log in to my host for the past few days and keep getting the error ‘ssh: connect to host 167.99.225.109 port 22: Connection refused’ and other various things about sudo commands not working. I have office hours today, but before then, I have been googling and googling how to troubleshoot this. Something is wrong with my Port 22 not listening.

I went through a lot of troubleshooting and googling — trying to find out why the sudo command wasn’t working, why I couldn’t get the ufw status, how I could open Port 22, etc.

I got to the point of using the recovery console through Digital Ocean and changed the root password before I had office hours with Tom.

I had the option of just trashing the droplet and creating a new one, but thankfully we went through some more troubleshooting because I have become emotionally attached to my droplet named ‘bread’ since we have been through so much together. Jokes.

We did some troubleshooting using the recovery console and also trying it in Terminal. We found that I had an instance of iptables and also ufw that seemed to be blocking or butting heads with each other, which made the port unable to be accessed. We trashed iptables, and doing so also trashed ufw, so we reinstalled ufw and I was finally able to access the firewall log — thanks Tom!

At this point, I was finally able to continue with looking at and sorting through who has tried to access my host.

At this point in time after resetting ufw, so about two and a half hours, there have been 439 attempts.

Here is the link to the google sheet. I was able to count how many different IP addresses tried to access it, as well as what all the unique IP addresses were. I’m trying to find a way to count how many times each unique IP address tried to connect.
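One way to get the per-address count described above, as an added example that is not part of the original post: a short Python script that reads ufw log lines, keeps only the `[UFW BLOCK]` entries, and counts attempts and targeted ports per source IP. The log lines below are constructed samples in ufw's log format, and the function names are made up for this illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format ufw writes to its log.
# Addresses come from the documentation ranges, not from real traffic.
SAMPLE_LOG = """\
Feb  3 14:02:11 bread kernel: [ 1201.10] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=23 SYN URGP=0
Feb  3 14:02:14 bread kernel: [ 1204.31] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51240 DPT=23 SYN URGP=0
Feb  3 14:03:40 bread kernel: [ 1290.02] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=52 TTL=113 PROTO=TCP SPT=60211 DPT=3389 SYN URGP=0
Feb  3 14:05:02 bread kernel: [ 1372.55] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=192.0.2.44 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Feb  3 14:05:09 bread kernel: [ 1379.80] [UFW ALLOW] IN=eth0 OUT= MAC=00:00 SRC=192.0.2.44 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40022 DPT=22 SYN URGP=0
Feb  3 14:06:30 bread kernel: [ 1460.12] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51301 DPT=2323 SYN URGP=0
Feb  3 14:07:45 bread kernel: [ 1535.47] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=52 TTL=113 PROTO=TCP SPT=60377 DPT=3389 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs such as SRC=... DPT=...

def parse_line(line):
    """Return the KEY=value fields of a [UFW BLOCK] line, or None otherwise."""
    if "[UFW BLOCK]" not in line:
        return None  # skips [UFW ALLOW], [UFW AUDIT] and unrelated kernel lines
    fields = dict(FIELD.findall(line))
    return fields if "SRC" in fields else None

def summarize(log_text):
    """Count blocked attempts per source IP and per destination port."""
    attempts = Counter()
    ports = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        attempts[fields["SRC"]] += 1
        ports[fields["SRC"]][fields.get("DPT", "-")] += 1  # ICMP has no DPT
    return attempts, ports

if __name__ == "__main__":
    attempts, ports = summarize(SAMPLE_LOG)
    for src, count in attempts.most_common():
        dpts = ", ".join(f"{p} x{n}" for p, n in ports[src].most_common())
        print(f"{count:5d}  {src:<15}  ports: {dpts}")
```

To run it on a real host, pass the contents of `/var/log/ufw.log` (ufw's default log file, readable with sudo) to `summarize` instead of the sample text.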
