298 Failed Login Attempts on France Dedi SSH
HuntersPad
Member
in Help
Should I be concerned??! This is my FIRST time logging in to my new Dedi via SSH since it was set up this morning. So these 298 failed logins have happened in the last 5 hours. Should I worry and get a new IP? Or what? I have NEVER had this issue before on any Dedi or VPS I have had.
Last failed login: Tue Aug 19 16:43:12 CEST 2014 from 211.190.x.xx on ssh:notty
There were 298 failed login attempts since the last successful login.
Comments
Change your SSH port and install Fail2Ban.
How would I go about changing SSH port?
Wow... I just noticed the last failed IP is from the Republic of Korea lol
I would keep the same SSH port, but that's just me personally, but fail2ban works great. Also use SSH keys and not passwords.
Google "Change SSH port YOUROS" and it will be the first result.
Hire someone who can admin the system if you are unsure else this is going to end badly for you.
I have been running a few dedicated servers and VPSs for a year now with heavy traffic websites and NOT once have I run into anything like this.
I'm a person, not a business. I can't just afford to pay someone, I barely make enough with AdSense to pay for the server.
then go for managed VPS instead of dedi or use shared hosting
Managed VPS ?? Really? Shared Again really??
I'd be paying hundreds of dollars for a managed VPS and shared is out of the question...
I have over 600GB of Files and I do over 30+TB of BW a month...
Personally. I'd go for a vps. Something lightweight and can be picked up for pennies. Or $7 to be exact.
Please read post above ^^ $7 VPS won't cut it lol. I do 30+TB of BW each month and have 600+GB of files.
@hyelton, no offense but I doubt you have never run into anything like this. I think it is more you never noticed it. That's like when @Bella said he/she had not been hacked.
Have a read up on some of the honeypot and security threads on here that may point you in the right direction of steps to take.
if you don't have a license to drive a truck you hire someone to deliver your stuff for you. same rule applies here - you've no clue how to manage a server yet you MUST have one
Didn't notice this at all. I'm very sorry.
The only "hacked" things I've run into were back when I was small enough to be with shared accounts. But what gets me is this is a BRAND NEW Dedi, nothing installed at all but CentOS lol. Unless I have a very known IP of some sort, but I've never had so many failed logins, I may have had 5 failed / attempted logins in a year.
I understand but I don't make enough money to "hire" someone. I might as well not run a server if I'm gonna have to be paying out of pocket. Wouldn't be worth it. I was just asking for advice on the failed logins as I thought it was a ridiculous amount and it's never happened before.
Fail2Ban seemed to have stopped it. I was averaging 3 failed logins every few minutes, now it's stopped.
Here are directions on how to change ssh port on Ubuntu/Debian
Create a new user that fits to you:
Then, add your new username to file
<username> ALL=(ALL:ALL) ALL
Configure your SSH access to fit the new user and disable port 22
Open this file
nano /etc/ssh/sshd_config
Edit and then, save:
If there is port 22 in ssh config, remove it
Restart SSH:
service ssh restart
Before closing the session in PuTTY, open a new one to test that the new login username and port work (connect with ip:newport, the new username and the password for the new username)
If all went OK with disabling root access, then install fail2ban this way
Gain access to your server as sudo
sudo -s
Run this
Edit those lines:
Last thing is to restart Fail2Ban:
sudo service fail2ban restart
Hope that works for you (for CentOS systems, the procedure is similar. If you want details for CentOS, PM me)
P.S. It would be even more secure to disable password login and use SSH keys, but I know sometimes this can limit access to your servers from various locations and not only from office/home. I think that disabling port 22 and root login, combined with fail2ban, should be OK in most cases.
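The checks behind the steps in the post above, as an added example that is not part of the original post: a shell function that reads an sshd_config and reports whether port 22 is still listened on, whether root login is off, and whether password logins remain. Port 2222 and both sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_sshd_config FILE
# Prints one finding per line; returns 1 if any FAIL is reported, else 0.
audit_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        tolower($1) == "match" { exit }     # global section only; Match blocks are conditional
        {
            key = tolower($1); val = tolower($2)
            if (key == "port") {            # every Port line adds a listener
                nports++
                if (val == "22") port22 = 1
            } else if (key == "permitrootlogin" && root == "") root = val   # first value wins
            else if (key == "passwordauthentication" && pw == "") pw = val
        }
        END {
            if (nports == 0)    { print "FAIL port: no Port line, sshd defaults to 22"; bad = 1 }
            else if (port22)    { print "FAIL port: a Port 22 line is still present"; bad = 1 }
            else                  print "OK   port: 22 is not listened on"
            if (root == "no")     print "OK   root: PermitRootLogin no"
            else { print "FAIL root: PermitRootLogin is " (root == "" ? "unset (version default)" : root); bad = 1 }
            if (pw == "no")       print "OK   password: key-only logins"
            else                  print "WARN password: password logins allowed, keep fail2ban on"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configs (port 2222 is an arbitrary illustration).
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 22' 'Port 2222' 'PermitRootLogin yes' > "$demo_dir/before"
printf '%s\n' 'Port 2222' 'PermitRootLogin no' 'PermitRootLogin yes' \
              'Match User backup' '    PasswordAuthentication no' > "$demo_dir/after"

for f in before after; do
    echo "== $f"
    audit_sshd_config "$demo_dir/$f" || echo "-> not hardened yet"
done
```

The "before" file shows why adding a new Port line is not enough: sshd listens on every Port line it finds, so the 22 entry has to be removed. On a live server, `sshd -T` run as root prints the configuration sshd has actually parsed.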
This is what I'm getting in Google:
Do you mean: Change SSH port EUROS
(Just kidding, poster means "Change SSH port --place-here-the-operating-system--")
Not sure if installing fail2ban caused a problem or the fact it's CentOS 7, but Webuzo will NOT install, so now I'm having to wait prob another 12 hours for another OS re-install. This time hopefully they'll do CentOS 6.5.
What errors?
Or you could uninstall fail2ban and see if that's the problem? OS wipes do not magically fix issues - which 90% of the time are caused by inexperienced users.
I have installed Webuzo 30 or more times...
yum update
wget -N http://files.webuzo.com/install.sh
chmod 0755 install.sh
./install.sh
There's NOT much that can go wrong there.....
I'm assuming it's to do with it running CentOS 7. Webuzo's page says it's for 5x/6x. Not sure if it matters that it's CentOS 7 or not.
This is the error.
"The following errors occured :
Could not make the Webuzo binary
ERROR :
There was an error while installing Webuzo
Please check /root/webuzo-install.log for errors
Exiting Installer
"
"check /root/webuzo-install.log"
No, it's not as though that is the whole install script.
Again...
I have removed fail2ban and it still has an error. I did check the log. Only thing in the log I had seen was it installing, no errors. But now I checked again and saw this
Which, seeing this
http://mirror.softaculous.com/webuzo/7/x86_64/repodata/repomd.xml
makes me believe it is due to it being CentOS 7, as it's checking /7 and there is nothing there. Replace it with /6 and there is everything it needs
if you run a server but don't know how to change the SSH port (or how to google that question) your server will get hacked sooner or later. Just saying.
I know how to Google it.... I was just checking. Not worried about changing SSH port right now.
Update your repo that it wants manually (may have other side effects) or use a supported OS.
Please follow a basic Linux administration course. Luckily for you, a very good one has already started. And it's free.
https://www.edx.org/course/linuxfoundationx/linuxfoundationx-lfs101x-introduction-1621
And use Google, dammit!
Good luck.
Off-Topic: I really wish OneProvider had an automatic OS install. Their support is sort of lacking.
For the 3rd time I asked for CentOS 6.4 or 6.5 64bit to be installed. Each time they install CentOS 7 and the last time I provided them with an 6.5 ISO.
Dictionary and Brute Force Attacks are uber common. Consider yourself extremely lucky not to have seen them in the past. Now equip yourself with the tools you need to protect against them and you won't have to worry about them in the future as much.
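To see what sits behind a count like the 298 in the opening post, the following added example (not part of the thread) tallies failed password attempts per source address from sshd log lines, the way a per-source threshold such as fail2ban's maxretry looks at them. The log lines, host name and addresses are constructed; the function name is hypothetical.

```shell
#!/bin/sh
# failed_ssh_sources LOGFILE MAXRETRY
# Prints "IP FAILURES DISTINCT_USERS" for every source with at least MAXRETRY
# failed password attempts, busiest first. Point it at /var/log/secure on
# CentOS or /var/log/auth.log on Debian/Ubuntu.
failed_ssh_sources() {
    awk -v max="$2" '
        # The user name in these lines is chosen by the client, so the source
        # address is read from the fixed tail: ... from IP port N ssh2
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            user = $0
            sub(/^.* sshd\[[0-9]+\]: Failed password for (invalid user )?/, "", user)
            sub(/ from [^ ]+ port [0-9]+ ssh2$/, "", user)
            fails[ip]++
            if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= max) print ip, fails[ip], users[ip]
        }
    ' "$1" | sort -k2,2nr -k1,1
}

# Constructed sample log (documentation-range addresses).
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Aug 19 16:40:01 dedi sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 19 16:40:04 dedi sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 19 16:40:09 dedi sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40150 ssh2
Aug 19 16:41:30 dedi sshd[2110]: Failed password for invalid user test from 198.51.100.23 port 51500 ssh2
Aug 19 16:42:02 dedi sshd[2113]: Failed password for invalid user a from 192.0.2.1 port 22 ssh2 from 203.0.113.7 port 40188 ssh2
Aug 19 16:43:12 dedi sshd[2120]: Accepted password for root from 192.0.2.50 port 50022 ssh2
EOF

failed_ssh_sources "$sample_log" 3
```

Many distinct user names from one address point to a dictionary run rather than a mistyped password. fail2ban applies the same per-source count inside a time window (findtime) before banning; this sketch counts over the whole file.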