Comments
Now an African IP connected via SSH. Should I block these continents or just not worry about it?
Are they actually logged in via ssh, or just trying to get in (i.e., trying passwords, etc.)?
What is the output of
w
and check the ssh log file for failed logins.
I think that's bots, brute forcing your ssh login
change your default ssh port,
enable firewall,
install fail2ban
Checked the logs, it's a brute force attempt. I will work on furthering the security of the VPS now. Thanks!
@lemar take a look at this, for basic security provisioning
https://github.com/joglomedia/LEMPer/blob/master/scripts/secure_server.sh
have a good day
Brute force attempt from a Chinese IP? [Yawn]
(This happens to all of us)
Not trying to break news or entertain, just seek help, which I'm grateful to the many that have taken the time to respond.
Indirectly related, you can also set SSH to exclusively use key authentication.
If you can, please try to lock down your SSH port and only whitelist IPs from which you will connect. This will significantly reduce a lot of log noise and pain to your VPS. It will also help to change the port as that will reduce the bot/script attempts (again reducing "stress" on your VPS and allowing you to look at not-so-noisy logs more carefully should you choose to not whitelist).
Needless to say, allowing only key-based logins is a basic protection that you should enforce.
@lemar - ^^ this. Definitely set it to accept keys only, and disable password.
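The check the replies ask for (actually logged in versus only trying passwords) can be run over the sshd log. This is an added example, not part of the thread; the log lines are constructed in the usual OpenSSH syslog format and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the usual OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 04:11:02 vps sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 04:11:05 vps sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar  3 04:11:09 vps sshd[2104]: Failed password for invalid user test from 203.0.113.5 port 51251 ssh2
Mar  3 09:30:41 vps sshd[2250]: Accepted publickey for lemar from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:CONSTRUCTED
Mar  3 10:02:13 vps sshd[2301]: Failed password for lemar from 192.0.2.44 port 60111 ssh2
Mar  3 10:02:20 vps sshd[2301]: Accepted password for lemar from 192.0.2.44 port 60111 ssh2
"""

# The user name is client-supplied, so the greedy (.+) makes the match bind to the
# final "from IP port N ssh2" that sshd itself appends.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>.+) from (?P<ip>\S+) port \d+ ssh2(?:: .*)?$"
)

def summarize(log_text):
    """Count failed and accepted authentications per source IP."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            entry = stats[m["ip"]]
            entry[m["result"].lower()] += 1
            entry["users"].add(m["user"])
    return dict(stats)

def classify(entry):
    """Separate 'trying to get in' from 'actually logged in'."""
    if entry["accepted"] and entry["failed"]:
        return "logged in after failures: review"
    if entry["accepted"]:
        return "logged in"
    return "failed attempts only"

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(f"{ip:15} failed={entry['failed']} accepted={entry['accepted']} "
              f"users={sorted(entry['users'])} -> {classify(entry)}")
```

A source with failures only across many user names is the bot pattern described in the thread; an accepted password login following failures from the same address is the case worth a closer look.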