Question
I'm told there were 47183 failed login attempts since the last successful login.
- Posted February 6, 2015
I logged in today and saw “There were 47183 failed login attempts since the last successful login.”
What precautions should I be taking?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
I disabled my root account and made another account with root privileges, and the problem has been fixed.
This comment has been deleted
switch your ssh port to something non standard like 2222 problem gone. It’s just robots.
Make sure you are using a strong password on each of your accounts, and preferably use SSH key authentication (and force it to be used, by disabling password authentication) for communicating with your droplet.
Try DigitalOcean for free
Click below to sign up and get $100 of credit to try our products over 60 days!
Bump this up. I also just saw a client’s vps has 116097 failed login attempts since the last successful login.
This does appear like a hacker trying to break into D.O. boxes, as there appear to be several similar threads in this same forum.
Edit: Seem to mostly be those with port 22 open. I would ensure you have the latest Open SSL packages, with remote password-login for root disabled (only use pubkey authentication, with a password). If possible, white-list 22 port to known IP addresses using your firewall.