I would recommend to use borgbackup - it is very convenient for security (it provides very flexible encryption options with safe defaults) and efficiency (deduplication)
This might be a way better solution in terms of performance, but I cannot imagine way to run more complicated stuff rather only blocking IP in the firewall using iptables
I have asked Cloudflare about this traffic, but support says "Cloudflare helps protect sites, and accelerate them. We do not attack sites, and our network can't be used to generate attack traffic."
They deny any malicious outgoing traffic, but after I have provided pcap dump they just ignoring me and do not reply anything. Very odd behaviour for researchers.
Probably yes, but hey! Why do Cloudflare Worker would need SSH connection establishment? I do not asking Cloudflare to block 22/tcp entirely, but all this situation is very odd - I am seeing anomaly, reported abuse to them, but no explanation why this is happening.
About password authentication I totally agreeing with you, but this is a bit out of scope of this thread.
The only purpose of this article is to know the truth what is really happening. I have never seen such many connections to the SSH even from researchers.
Maybe that's a case, but their abuse team hasn't replied anything in a 2 weeks about that after I gave them all timestamps and both source/destination IP addresses
> In addition to offer encrypted connections, each publicly available SMTP server must accept unencrypted connections according to RFC 2487 as well. So while Amazon SES should definitely support common ciphers, its current configuration shouldn't result in delays and delivery failures if there are no common ciphers between Amazon SES and another SMTP server. They also state that in their configuration:
Amazon tried unencrypted connection only 8 hours after, which is strange behaviour