Question

A host from china try to ssh into my VM continuously

Posted January 5, 2015 2.8k views

I’ve banned him and the attacker’s IP address is: 122.225.103.103.

Add a comment
houcheng
By:
houcheng
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

2 answers
gndo January 5, 2015

Welcome to the wild wild west version 2.0.

You’re bound to have all sorts of attackers that spoof their IP address. You may want to look at fail2ban to deal with attempted breakins. Also, look into key only ssh login instead of password authenticated logins.

How Fail2Ban Works to Protect Services on a Linux Server
by Justin Ellingwood
Fail2ban is a daemon that can be used to monitor the logs of services and ban clients that repeatedly fail authentication checks. It is a great tool to help protect against brute force attacks and malicious users. In this guide, we'll discuss how fail2ban works and how you can leverage its configuration structure to modify or extend its functionality.
Reply Report
Starbs January 6, 2015

fail2ban solves all (oh, and server passwords are sin, use keyfiles c:)

Reply Report
Submit an Answer

Looking for something else?

Ask a new question Search for more help