Recently, when my partner logged in to a newly created CentOS server hosted at Digital Ocean, he saw the following messages:
Last failed login: Tue Jul 29 16:27:31 EDT 2014 from stuff2share.net on ssh:notty
There were 20 failed login attempts since the last successful login
Clearly that wasn't us trying to log in. Obviously, some malicious user or users were likely trying to get into our server with brute-force attacks. We were under an SSH brute-force attack. Such malicious scans are not uncommon these days. This one came just a couple of days after our new server was up.
I learned a few good ways to prevent this:
- Change the default SSH port,
- Only use SSH keys (and disable password authentication), and
- Use fail2ban
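To check the first two items on a given server, the sketch below (an added example, not code from the original post) audits the text of an `sshd_config` using OpenSSH's rules that `Port` may repeat and that, for other keywords, the first value seen wins. The function names, the sample configs and port 2222 are constructed for illustration; it also flags keyboard-interactive authentication, which goes one step beyond the list above.

```python
# Added example: audit sshd_config text for the list's first two items.
DEFAULTS = {  # OpenSSH built-in values used when a keyword is absent
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(config_text):
    """Return (settings, ports) for the global section, before any Match block."""
    seen, ports = {}, []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split keyword/value
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().lower()
        if key == "match":
            break                        # conditional blocks follow; stop here
        elif key == "port":
            ports.append(value)          # Port may repeat; sshd listens on each
        elif key in DEFAULTS:
            seen.setdefault(key, value)  # first value wins, later ones are ignored
    return {**DEFAULTS, **seen}, ports or ["22"]

def audit(config_text):
    """List the ways this config falls short of 'non-default port, keys only'."""
    s, ports = parse_global(config_text)
    findings = []
    if "22" in ports:
        findings.append("listens on default port 22")
    if s["passwordauthentication"] != "no":
        findings.append("password authentication enabled")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive enabled (can prompt for passwords via PAM)")
    if s["pubkeyauthentication"] != "yes":
        findings.append("public key authentication disabled")
    return findings

# Constructed samples. In WEAK the second PasswordAuthentication line has no effect.
WEAK = """\
#Port 22
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """\
Port 2222
PasswordAuthentication no
ChallengeResponseAuthentication no
"""
```

`audit(WEAK)` returns three findings and `audit(HARDENED)` returns an empty list. The audit reads only the global section, so settings inside `Match` blocks or included files are not evaluated.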
SSH Brute Force – The 10 Year Old Attack That Still Persists
SSH Passwordless Login Using SSH Keygen in 5 Easy Steps
Fail2Ban
HOW TO: SSH Aliases
Running Commands on a Remote Linux / UNIX Host