Re: Undesired ssh login attempts

To: debian-user@lists.debian.org
Subject: Re: Undesired ssh login attempts
From: likcoras <likcoras@riseup.net>
Date: Sun, 10 Jun 2018 20:24:41 +0900
Message-id: <[🔎] 12481f15-aa75-0e71-48ed-7be0f234b5a6@riseup.net>
In-reply-to: <[🔎] pfivuk$mlt$1@blaine.gmane.org>
References: <[🔎] pfivuk$mlt$1@blaine.gmane.org>

On 06/10/2018 07:55 PM, deloptes wrote:
> Hi,
> I recently get many of those, which means someone found out that ssh
> external is on port 22222 and is trying to do some evil work there.
> Should I worry or do something?

> Similar for apache web server.
> I think both are secure: for ssh no users with easy password allowed to
> login and apache - no pages or stuff that would compromise.
> 
> thanks for opinion
> 
> regards
> 

Welcome to the Internet!

If you're confident of your setup, you can safely ignore them. If you're
 annoyed by the logs, you could set up something like fail2ban to block
connections from IPs that have made too many bad attempts (although this
could possibly be used to lock you out).

My recommendation is the same as Dan's, consider disabling password
login to allow only pubkey authentication. Same with the ports, I
usually don't bother with using a non-standard port since it would, at
best, only reduce the volume of attacks and not really provide any
additional security.

Same with apache, if you think your server is secure, just let it be;
there's nothing you can do, really. Maybe put your server behind some
service that stops automated/malicious access (eg. CF) if you're into
that kind of thing, I guess?

Good luck!

Reply to:

Follow-Ups:
- Re: Undesired ssh login attempts
  - From: Joe <joe@jretrading.com>

References:
- Undesired ssh login attempts
  - From: deloptes <deloptes@gmail.com>

Prev by Date: Runnlevels are not entered (LILO prompt)
Next by Date: Re: Undesired ssh login attempts
Previous by thread: Re: Undesired ssh login attempts
Next by thread: Re: Undesired ssh login attempts
Index(es):
- Date
- Thread