Ranter
Join devRant
Do all the things like
				++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
				Sign Up
			Pipeless API
 
				From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
				Learn More
			Comments
		
- 
				
				 hoggchan7899yAfter I read this post, I check on the auth.log of my vps for the first time. Unexpectedly scary.. hoggchan7899yAfter I read this post, I check on the auth.log of my vps for the first time. Unexpectedly scary..  
- 
				
				Last few nights I had massive attacks from China ^^ one server even froze because of the insane number of login attempts.
- 
				
				Install fail2ban they still try but it will block them to keep them from flooding your server. but still at any time i check there's always one blocked, I'm thinking about adding a peraban for repeat offenders
- 
				
				 Jifuna36889y@stefano haha, when I installed fail2ban I locked myself out :) I think the best way to do it is to configure key authentication. They cant crack you anymore. Oh and if you change port most bots wont even find it. Jifuna36889y@stefano haha, when I installed fail2ban I locked myself out :) I think the best way to do it is to configure key authentication. They cant crack you anymore. Oh and if you change port most bots wont even find it.
- 
				
				@Jifuna hold up you locked yourself out? What happened did you forget your password or something? and port scanners can find a changed ssh port but most script kiddies don't screw with them so its safer
- 
				
				 Jifuna36889y@jckimble I seriously dont know. I had that server for a few days and I just got into linux and server management. After all, I logged in with my phones mobile internet and fixed it. (After realizing I had too flush iptables instead of deleting fail2banπ) I learned much last year :) Jifuna36889y@jckimble I seriously dont know. I had that server for a few days and I just got into linux and server management. After all, I logged in with my phones mobile internet and fixed it. (After realizing I had too flush iptables instead of deleting fail2banπ) I learned much last year :)
- 
				
				@stefano i installed fail2ban but they attack from different ip adresses and there's nothing important on that server just some tests
- 
				
				@Jifuna Yes, that should be the best way, but also remember to disable root account and password login :)
- 
				
				@Jorenrothman If you set a higher detection interval and ban period, the number of attempts should decrease. Anyway even if you only keep tests there, I guess you wouldn't like it being part of a botnet :P
- 
				
				 Jifuna36889y@stefano yeah, I have now 4096 bit keys with passphrase and disabled password login. Still use root though. Is that bad? Jifuna36889y@stefano yeah, I have now 4096 bit keys with passphrase and disabled password login. Still use root though. Is that bad?
- 
				
				 iguana8019y@Jifuna yes. Don't permit root logon. Everyone knows the root account exists and can then focus their efforts on it. It is definitely greatly mitigated when using key based authentication, but please, use your own account and use sudo for root. sudo -i if you don't like typing sudo all the time. iguana8019y@Jifuna yes. Don't permit root logon. Everyone knows the root account exists and can then focus their efforts on it. It is definitely greatly mitigated when using key based authentication, but please, use your own account and use sudo for root. sudo -i if you don't like typing sudo all the time.
 
 Also set your SSH server to listen on a port other than 22. That will cut down on attacks a lot.
Related Rants







 My favorite xkcd
My favorite xkcd

Devil trying to hack me he failed π
undefined
hacking
devil
server
failed