Attacks on FreedomBox from Around the World?

doliver10:

Yeah, I’m not so sure on that one, you might want to reach out to the FBX devs, either here, or on the freedombox chat room at matrix.org, or via email, if you can find their email address(es). Ask them which key(s) FBX uses for authentication, and if it is application specific, i.e. ssh uses your user key, and other applications use the system key, etc. I think @Avron's last post (the one right before this one) may be prudent to attempt as well.

BluishHumility:

Sorry for this reply being out of order, I saw it after posting about @doliver10's last question. I did not, but if someone doesn’t want them to continue performing these scans, it seems that it would be a good idea to “opt out”, since it would probably make the administrator’s life a little easier when reviewing their system logs, as long as the entities performing the scans are legitimate, otherwise it might get you spammed even more… One last thing, @doliver10, thanks for the “heads up” on that Ghidra thing, where did you find that info at?

Thanks for the info. Yes I did see this when I used whois to find the location of the hundred or so IP addresses, but the majority were not so innocuous looking. I opted out of this one but others don’t have an option, and most are not in English.

@doliver10 this article reminded me of your situation. :laughing:


I just turned off the secure shell server. I don’t use it anyway.

Sorry for the late response to your question. The Ghidra thing is at https://www.speedguide.net/port.php?port=9010.

The NSA denies that there is a backdoor, but the program does use encrypted packets and opens a port. Google “Ghidra bug door”. It does open a port. It’s avoidable, but why would the program do that?

No Worries, and Thank You for the Info. The only reason I can think of a program doing that without consent from the sysadmin would probably be for nefarious purposes. It is definitely something to keep an eye on…

Show me your DNSSEC config, here is mine. w3pbs.us | DNSViz
You cannot learn anything unless you have learned to create and maintain something 100% compliant with the RFCs… the baseline.

If you cannot even match the upstream baseline…
My console is here, and I pin it to IPv6-only. All attacks on IPv4 are blocked at the DMZ, nothing gets through.
https://22k--5sb-8hm-54v.w3pbs.us/plinth/

You may install and configure endlessh. It’s not necessary, but it is very satisfying :grin:
