Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


centos 7 vultr vps login attempts
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

centos 7 vultr vps login attempts

hey, i reinstalled os on my vps, after that when i login via putty i am getting this message-

Last failed login: Tue Oct 6 19:53:28 UTC 2020 from ip114.ip-51-254-156.eu on ssh:notty
There were 11 failed login attempts since the last successful login.

i dont know what it is and if its bad how do i stop it?

Comments

  • when vultr was create the template was receive this hits. Not neaparately this was happened inside of you vm...

    Thanked by 1fahim5001
  • @cociu said:
    when vultr was create the template was receive this hits. Not neaparately this was happened inside of you vm...

    hey man, thanks for the super fast reply. i am freaking out about this. is it okey and safe?

  • FYI - Vultr has an external firewall in their control panel. I would suggest setting port 22 to only allow the IPs you do work from. That is a quick painless thing to do. Next- you can change the SSH port to another port. There are instructions all over the internet on how to do thiss. Additionally you can setup your vps to use keys only.

    However the firewall is simple to do as a quick starting point.

    Basically someone is trying to log in to your vps. Could be a robot that just checks port 22 everywhere or perhaps the former user of the ip was a target.

  • rubenruben Member, Host Rep

    As long they are failed attempts its all good;)

    In all seriousness, the whole IPv4 space gets probed for services like SSH and if a bot sees port 22 open it will try to take over the machine. Its pretty normal to see those messages.

    Maybe consider changing the SSH Port, install Fail2ban to block IPs after x login attempts and try to use SSH with public-key authentication instead of plain passwords to keep your VM secure.

    Thanked by 1fahim5001
  • thanks man, i changed the port 22

  • Changing the port is still not a fix, you will most likely still get failed login attempts.

    To protect SSH you should do the following

    • If your main system gives you a static IP, configure a firewall to only allow your IP in SSH
    • Change port (only this is not enough)
    • SSH Public key authentication
    Thanked by 1fahim5001
  • jlayjlay Member
    edited October 2020

    @HyperK9 said:
    Changing the port is still not a fix, you will most likely still get failed login attempts.

    To protect SSH you should do the following

    • If your main system gives you a static IP, configure a firewall to only allow your IP in SSH
    • Change port (only this is not enough)
    • SSH Public key authentication

    Don't forget to set PermitRootLogin to no (or at least prohibit-password) in /etc/ssh/sshd_config

    Then use a non-privileged account to SSH in, escalate to root only when necessary

    Thanked by 1fahim5001
  • My IDS logs indicate 100k+ invalid login attempts on a weekly basis. You don't have to lose a moment's sleep over any of it, as long as services and ports are configured properly, with strict policies for handling blacklisting of offending IPs, subnets and ASNs, if required. :tongue:

  • thanks, guys, I will follow up on the suggested fixes

Sign In or Register to comment.