Chinese IP connected to my server via SSH?

Here is the output of netstat -tn:

This is my first time running a VPS, should I be concerned? I use SSH keys that have only been stored locally with a strong pass key.

Comments

  • Now an African IP connected via SSH. Should I block these continents or just not worry about it?

  • Mr_Tom Member, Host Rep

    Are they actually logged in via ssh, or just trying to get in (i.e., trying passwords, etc.)?

    What is the output of w and check the ssh log file for failed logins.

  • I think that's bots, brute forcing your ssh login

    change your default ssh port,
    enable firewall,
    install fail2ban

  • @Mr_Tom said:
    Are they actually logged in via ssh, or just trying to get in (i.e., trying passwords, etc.)?

    What is the output of w and check the ssh log file for failed logins.

    @masedi said:
    I think that's bots, brute forcing your ssh login

    change your default ssh port,
    enable firewall,
    install fail2ban

    Checked the logs, it's a brute force attempt. I will work on furthering the security of the VPS now. Thanks!

  • @lemar take a look at this, for basic security provisioning

    https://github.com/joglomedia/LEMPer/blob/master/scripts/secure_server.sh

    have a good day

    Thanked by 1: Mxl
  • @lemar said: This is my first time running a VPS, should I be concerned?

    Brute force attempt from a Chinese IP? [Yawn]

    (This happens to all of us)

  • @angstrom said:

    @lemar said: This is my first time running a VPS, should I be concerned?

    Brute force attempt from a Chinese IP? [Yawn]

    (This happens to all of us)

    Not trying to break news or entertain, just seek help, for which I'm grateful to the many that have taken the time to respond.

    Thanked by 3: angstrom, 479555, user123
  • Indirectly related, you can also set SSH to exclusively use key authentication.

    Thanked by 2: 479555, lemar
  • If you can, please try to lock down your SSH port and only whitelist IPs from which you will connect. This will significantly reduce a lot of log noise and pain to your VPS. It will also help to change the port as that will reduce the bot/script attempts (again reducing "stress" on your VPS and allowing you to look at not-so-noisy logs more carefully should you choose to not whitelist).

    Needless to say, allowing only key based logins is a basic protection that you should enforce.

    Thanked by 1: lemar
  • @SteveMC said:
    Indirectly related, you can also set SSH to exclusively use key authentication.

    @lemar - ^^ this. Definitely set it to accept keys only, and disable password.

    Thanked by 1: lemar
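
One way to answer the question raised in the thread (is a remote address actually logged in, or only failing to authenticate?) from the SSH log, as an added example that is not part of any post above. The function names and the sample log lines are constructed for illustration, and the addresses are documentation ranges; on a real host the input would be the sshd log, commonly /var/log/auth.log or /var/log/secure depending on the distribution.

```shell
#!/bin/sh
# Constructed sample in the usual OpenSSH syslog format (not from the thread).
sample_log() {
    cat <<'EOF'
Mar  3 10:01:12 vps sshd[2201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:15 vps sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 10:02:01 vps sshd[2210]: Invalid user test from 198.51.100.23 port 40022
Mar  3 10:02:03 vps sshd[2210]: Failed password for invalid user test from 198.51.100.23 port 40022 ssh2
Mar  3 10:05:44 vps sshd[2290]: Accepted publickey for lemar from 192.0.2.10 port 50500 ssh2
EOF
}

# Read sshd log lines on stdin and print one line per source address:
#   <ip> failed=<count> accepted=<count>
summarize_ssh_log() {
    awk '
    /sshd.*: (Failed|Accepted) [^ ]+ for / {
        # The address follows the LAST "from" on the line, so a user name
        # that is itself the word "from" cannot shift the field we read.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        if ($0 ~ /: Accepted /) accepted[ip]++; else failed[ip]++
        seen[ip] = 1
    }
    END {
        for (ip in seen)
            printf "%s failed=%d accepted=%d\n", ip, failed[ip], accepted[ip]
    }' | LC_ALL=C sort
}

# Only the addresses that completed at least one login. Anything listed here
# that you do not recognise is the case worth investigating; addresses with
# failures only are the routine brute-force noise described in the thread.
successful_sources() {
    summarize_ssh_log | awk '$3 != "accepted=0" { print $1 }'
}

sample_log | summarize_ssh_log
```

On a live system the same functions take the real log on stdin, for example `successful_sources < /var/log/auth.log`, and the result can be compared with what `w` shows for current sessions.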