New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Should I be worried?
zombiekiller753
Member
in Help
Hot damn
Comments
fail2ban.
Looks like a brute force to me. Just use a SSH key and you'll be fine.
Move SSH off of port 22 and you'll stop 99.9% of these, install CSF or fail2ban to stop the rest.
@nunim I second that. Should be a first / provis. step imho.
That's all? That was probably just one IP. I swear some of my boxes get hit like a $2 hooker at a community college.
Well, that settles it. I'm transferring out of my state university to a community college, the hookers here are too expensive.
The new port should not be > 1024 also I think.
You guys just made my day with that.
It looks like someone used your server from Kolkata,India.
Contact your provider.
@zombiekiller753 are you from west bengal ?
It's a failed login attempt, not last login. Also, assuming it's an unmanaged box, a provider wouldn't help with this.
Change SSH port, add your SSH key & then disable password authorization
That's news to me, why is that?
Bad practice to get into. Any user can create a socket that listens up that high. They could create an ssh look alike and grab passwords.
Basically don't have any other users on your server that could be malicious and have SSH running on port 1025, okay?
Yes, makes sense. I knew that below 1024 could only be accessed as root but didn't think about other users spoofing SSH ports. Thanks!