I have followed several threads regarding security measures with some interest. I have made a few small changes and I am wondering if a test that I am contemplating will make me target in the future.
First some background: I am still using user 'pi' with a strong password. I have just one port forwarded to a Pi zero which is running Apache on a high but non-standard port number. The Pi has just php and html files in /var/www, which I want to be accessible from any of my friends' browsers on their remote computers. I have installed fail2ban on my Pi and have tested it successfully by trying ssh with a wrong password from a machine on my local network. I don't have port 22 forwarded through my router at the moment
I am now contemplating temporarily forwarding port 22 to my Pi, just to see if I do get attacks detected by fail2ban. When I changed ISP my IP address stayed the same for over 3 years, even though it was not guaranteed to be a static address, it behaved like one for those years. 2 months ago the IP address changed and my ISP's rep told me it was likely to change every 2 or 3 weeks. That has not happened, even though I have tried to provoke a change by turning the router off for a while. I think this IP address is likely to stay for a long period. ( I have got a cron job which takes care of keeping my dtdns symbolic address up to date in the event of a change).
My question is : will my opening up port 22 for ssh on my Pi with the semi-permanent IP address make that address a target for ne'er-do-wells and badbots in the future? Playing devil's advocate I can only think that lists of ip addresses with open ssh ports are shared amongst the hacker community