You can use honeypot that bait hackers . I am running a non-intrusive one where you put baits in your servers or laptop, when hackers see it, they'll try to use them.
Nice analysis! You should protect your infra to avoid this kind of scanning:
- Disable password login for SSH, use keys instead.
- Limit access to known IPs (with a managed vpn)
- Use Cloudflare: Their WAF is really good
- Forward logs to an other service that can analysis logs (datadog is nice)
shameless plug: started a small honeypot service[1] if anyone would need it as a last resort[1] to catch hackers in your servers . Feedbacks appreciated!
