- Published on
sudo journalctl -f
see live sshd failed logs like:
```
audit[249667]: USER_LOGIN pid=249667 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=212.71.249.251 terminal=ssh res=failed'
```
and it just not stop
fuck it.
let's block the ip `212.71.249.251` first, do not just block the IP, fuck it, just block the whole C subnet
...