Related

How did my database got hacked ? Question Question
Connect to DB installed into dedicated VPS (private networking) Question Question

Question

Random IPs trying to get in

Posted July 24, 2016 3.4k views
SecurityMonitoring

Hello,

I created a droplet 2 months ago and I did the basic things like configuring the firewall, setup ssh to only accept public key auth and stuff.
Last night I was inspecting the logs located at /var/log/auth.log and /var/log/ufw.log and I noticed that there are a lot of IPs trying to access telnet, ssh (using brute force with random login names) and there are also some attempt to connect to some random TCP ports.

Should I be worried? Is this “normal” ?

Btw: My firewall is configure to drop all incoming packets (except ssh).

Thank you

Add a comment
cabelitos
By:
cabelitos
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
ForYourIT July 26, 2016

You can improve and reduce the attack attempts by:

  • Disabling password passed authentication and using RSA SSH keys
  • Configurig your firewall and ssh to only allow your IP (you need to have a static IP)
  • Using 2FA, for example 2FA of Google
  • Changing the SSH port
  • Disable root Login via SSH
  • Using a software that prevents DDOS attacks like DenyHosts or fail2ban
Reply Report
rascul July 24, 2016

This is to be expected. Disabling password based authentication in sshd_config makes this a non issue.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help