Login Attempts: Is this usual?

Posted December 10, 2013 14.9k views
When I ssh into my droplet, it reads out: There were 670 failed login attempts since the last successful login. Is this usual? Am I supposed to be concerned?
1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
4 answers
Change the SSH port, try fail2ban:
by Etel Sverdlov
fail2ban provides a way to automatically protect virtual servers from malicious behavior. This tutorial shows you how to install Fail2Ban, copy the Configuration File, configure the fail2ban defaults, and find out how to configure the ssh defaults. This tutorial describes the required steps to set up fail2ban on Ubuntu.
I recommend installing fail2ban (see joshuataylorx's link above) and using SSH keys while disabling password authentication:
"Is this usual?"

Unfortunately, yes (simply Wikipedia DDoS attacks and Brute Force Attacks).

"Am I supposed to be concerned?

If you care about the data on your cloud server... yes.

Ditto on using SSH keys and disabling password logins. If connecting from a Windows machine, check out How To Create SSH Keys with PuTTY to Connect to a VPS.

A firewall will also come in handy: How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server.
by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.
Q:\ Is this usual?
A:\ It is usual and common on servers facing the internet. These internet facing servers are being scanned for open ports by malicious users everyday all day.

Q:\ Am I supposed to be concerned?
A:\ Yes, you should be concerned as your server might get compromised.

Tip: You can check the Failed login attempts with:
sudo cat /var/log/secure | grep Failed