Didn't know there are so many attempts to sign in to my vps through brute force.
Hi folks.
I bought many VPSes this Black Friday and never signed in once since getting them.
You know, the servers we get are for idling.
I didn't know there were so many attempts to sign in to my VPS through brute force until I got one VPS suspended.
I got one VPS suspended whose password was very easy to hack, so the VPS was used for DDoS attacks. It's all my fault.
Almost all the VPSes I have were brute forced. I am very surprised.
After that, I did security tasks on all my VPSes.
To-do list after buying an idling VPS:
- Before the security settings are done, shut down the server.
Comments
Most of those are BOTS. Changing ssh port to a non factory port helps on that.
I usually do setup right away. Part of my setup is to disable SSH password authentication. There were never any brute force attempts.
I don't change SSH port and I usually don't enable firewall.
If I can't setup right away, I also power off the server.
I would love to know why, and any solutions for this too, as I have some VPSes with bad login attempts too.
I have recently bought a new VPS and was also getting hundreds of failed login attempts. It's quite easy to stop though. Just have a complex and long password and change the ssh port in the configs.
Create a random named sudo user,
usermod -aG sudo username
Disable root login via ssh and change port,
sudo nano /etc/ssh/sshd_config
Port 24234
PermitRootLogin no
sudo service ssh restart
Install fail2ban and tinker jail.local according to your preferences,
sudo apt install -y fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Block IPs using iptables, read https://superuser.com/questions/810853
I only allow ssh via IPv6, so there are no login attempts by bots.
You can actually ignore this as long as you have ssh key only login. There are bots who keep trying to login all the time.
I recommend changing the SSH port to something other than 22 and not common like 2312 or something. Make sure the port is not reserved or any other thing. You can also disable all other unused ports.
You can also install and configure CSF firewall which will also prevent this.
Just disable password login, and enable key auth
I fucking hope so or child labor really is that cheap.
Francisco
I always install ZeroTier VPN on all my hosts and disable access on the public interface. Even when I changed the port or anything else, my log files got big and ate my disk space.
Use Tailscale.
Somewhat off-topic, but at one point minimum wage in venezuela was like $2/month. There actually were people goldfarming in games or providing training services to make something like $0.50-$2/hour. I believe many venezuelans still do that today... Playing games to make $1/hour.
I have the big log file problem with my Asterisk server. Several GB every week. Even if I change the port, the brute force attacks wouldn't stop.
If you fail2ban'd them, your logs would be smaller.
You are attacked at all times once you are online.
What @dosai said above is good but keep in mind changing the port is not really enough as it is trivial to scan open ports so the other steps are very important.
Another thing you could do is configure port knocking (you open the port by sending specific commands) https://blog.rapid7.com/2017/10/04/how-to-secure-ssh-server-using-port-knocking-on-ubuntu-linux/
A more secure option is using a bastion host that you would have to log in to before you reach your other servers. That's similar in principle to what @AlexTheRock does with a VPN.