Getting Attacked over SSH

Posted on October 27, 2014

Hello

My server (Ubuntu 14.04) is running with VestaCP on it. It has been up and running live for around 2 days now. I never posted the domain or the IP of the server publicly.

Today I configured fail2ban on my VPS. I tried to block all insecure ways to gain access to my server, like FTP etc…

At the moment I get an email from Fail2ban every hour saying that someone is trying to gain access as root via SSH.

Like the example below. By researching on the internet I found out that these are proxies…

What is the best way to handle this? When I block them they just use the next proxy…

IPs trying to attack: 220.177.198.27, 122.228.206.87, 122.225.97.69

Thanks for any feedback. Regards,

swisscenturion

"Hi,

The IP 122.225.97.69 has just been banned by Fail2Ban after 6 attempts against ssh.

Here are more information about 122.225.97.69:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to ‘122.225.97.64 - 122.225.97.127’

inetnum: 122.225.97.64 - 122.225.97.127
netname: WENZHOU-GAOJIE-CO
country: CN
descr: WENZHOU GAOJIE TECHNOLOGY CO.LTD
descr:
admin-c: SL2710-AP
tech-c: CH119-AP
mnt-irt: IRT-CHINANET-ZJ
status: ASSIGNED NON-PORTABLE
changed: auto-dbm@dcb.hz.zj.cn 20101212
mnt-by: MAINT-CN-CHINANET-ZJ-HU
source: APNIC

irt: IRT-CHINANET-ZJ
address: Hangzhou, 288 fucun Road, China
e-mail: lfliu@pubinfo.com.cn
abuse-mailbox: antispam@dcb.hz.zj.cn
admin-c: CZ61-AP
tech-c: CZ61-AP
auth: # Filtered
mnt-by: MAINT-CHINANET-ZJ
changed: auto-dbm@dcb.hz.zj.cn 20101129
source: APNIC

role: CHINANET-ZJ Huzhou
address: No.18 Hongqi Road,Huzhou,Zhejiang.313000
country: CN
phone: +86-572-2022163
fax-no: +86-572-2210609
e-mail: anti_spam@mail.huptt.zj.cn
remarks: send spam reports to anti_spam@mail.huptt.zj.cn
remarks: and abuse reports to anti_spam@mail.huptt.zj.cn
remarks: Please include detailed information and times in UTC
admin-c: CH50-AP
tech-c: CH50-AP
nic-hdl: CH119-AP
mnt-by: MAINT-CHINANET-ZJ
changed: master@dcb.hz.zj.cn 20031204
source: APNIC
changed: hm-changed@apnic.net 20111114

person: Shengzhong Liu
nic-hdl: SL2710-AP
e-mail: anti_spam@mail.huptt.zj.cn
address: lanjiang Software Park B3009,Lanjiang Road 188, Airport Road, Wenzhou
phone: +86-13738375522
phone: +86-577-88800077
country: CN
changed: auto-dbm@dcb.hz.zj.cn 20110815
mnt-by: MAINT-CN-CHINANET-ZJ-HU
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS2)

Lines containing IP:122.225.97.69 in /var/log/auth.log

Oct 27 10:19:37 MSA01Panel sshd[7230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.225.97.69 user=root
Oct 27 10:19:39 MSA01Panel sshd[7230]: Failed password for root from 122.225.97.69 port 55525 ssh2
Oct 27 10:19:42 MSA01Panel sshd[7230]: Failed password for root from 122.225.97.69 port 55525 ssh2
Oct 27 10:19:45 MSA01Panel sshd[7230]: Failed password for root from 122.225.97.69 port 55525 ssh2
Oct 27 10:19:47 MSA01Panel sshd[7230]: Failed password for root from 122.225.97.69 port 55525 ssh2
Oct 27 10:19:49 MSA01Panel sshd[7230]: Failed password for root from 122.225.97.69 port 55525 ssh2
Oct 27 10:19:52 MSA01Panel sshd[7230]: Failed password for root from 122.225.97.69 port 55525 ssh2
Oct 27 10:19:52 MSA01Panel sshd[7230]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.225.97.69 user=root"




Servers on the internet are constantly scanned and bruteforced.

If you have turned off SSH key authentication and turned off password authentication, you’re already pretty safe.

…what everyone else said, and also: change your default SSH port
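The detection behind the notification quoted in the question can be reproduced offline. This is an added example, not part of any poster's answer and not fail2ban's own code: it counts `Failed password` lines per source inside a time window and also totals them per /24, which shows when successive sources sit in one range. The function names, the `findtime` of 600 seconds and the `year` default are assumptions (the threshold of 6 comes from the quoted e-mail), and the sample log is constructed with documentation addresses.

```python
import ipaddress
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the auth.log format quoted in the question; the
# hostname and the RFC 5737 documentation addresses are made up.
SAMPLE_LOG = """\
Oct 27 10:19:39 host sshd[7230]: Failed password for root from 203.0.113.5 port 55525 ssh2
Oct 27 10:19:42 host sshd[7230]: Failed password for root from 203.0.113.5 port 55525 ssh2
Oct 27 10:19:45 host sshd[7230]: Failed password for root from 203.0.113.5 port 55525 ssh2
Oct 27 10:19:47 host sshd[7230]: Failed password for root from 203.0.113.5 port 55525 ssh2
Oct 27 10:19:49 host sshd[7230]: Failed password for root from 203.0.113.5 port 55525 ssh2
Oct 27 10:19:52 host sshd[7230]: Failed password for root from 203.0.113.5 port 55525 ssh2
Oct 27 10:19:52 host sshd[7230]: PAM 5 more authentication failures; rhost=203.0.113.5 user=root
Oct 27 10:31:02 host sshd[7301]: Failed password for root from 203.0.113.77 port 40112 ssh2
Oct 27 10:31:05 host sshd[7301]: Failed password for invalid user admin from 203.0.113.77 port 40112 ssh2
Oct 27 10:40:11 host sshd[7350]: Failed password for root from 198.51.100.7 port 51000 ssh2
Oct 27 10:41:00 host sshd[7361]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")

def parse_failures(log_text, year=2014):
    """Yield (time, user, ip) per failed password; syslog omits the year (assumed)."""
    for line in log_text.splitlines():
        m = FAILED.match(line)  # IPv4 only; every other line is skipped
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def find_offenders(log_text, maxretry=6, findtime=600):
    """Map each IP to the time it first reached maxretry failures within findtime s."""
    recent, offenders = defaultdict(deque), {}
    for ts, _, ip in parse_failures(log_text):
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > timedelta(seconds=findtime):
            hits.popleft()  # forget failures that fell out of the window
        if len(hits) >= maxretry:
            offenders.setdefault(ip, ts)
    return offenders

def failures_by_subnet(log_text, prefix=24):
    """Count failures per network, to spot sources rotating inside one range."""
    nets = (ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            for _, _, ip in parse_failures(log_text))
    return Counter(str(n) for n in nets)
```

On the sample, only 203.0.113.5 crosses the per-address threshold, while the per-/24 count also surfaces the second source in the same range that stayed under it.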
