Login Attempts: Is this usual?

  • Posted December 10, 2013

When I ssh into my droplet, it reads out:

There were 670 failed login attempts since the last successful login.

Is this usual? Am I supposed to be concerned?


Bump. After logging out and in again, I’m seeing 9 failed attempts. Is someone trying to get in?

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Q:\ Is this usual? <br>A:\ It is usual and common on servers facing the internet. These internet facing servers are being scanned for open ports by malicious users everyday all day. <br> <br>Q:\ Am I supposed to be concerned? <br>A:\ Yes, you should be concerned as your server might get compromised. <br> <br>Tip: You can check the Failed login attempts with: <br> sudo cat /var/log/secure | grep Failed <br> <br>

<b>“Is this usual?”</b> <br> <br>Unfortunately, yes (simply Wikipedia DDoS attacks and Brute Force Attacks). <br> <br><b>"Am I supposed to be concerned?</b> <br> <br>If you care about the data on your cloud server… yes. <br> <br>Ditto on using SSH keys <b>and</b> disabling password logins. If connecting from a Windows machine, check out <a href=“”>How To Create SSH Keys with PuTTY to Connect to a VPS</a>. <br> <br>A firewall will also come in handy: <a href=“”>How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server</a>.

I recommend installing fail2ban (see joshuataylorx’s link above) and using SSH keys while disabling password authentication: <a href=“”></a>