Question

Someone is trying to gain access, how do I stop it?

Posted August 24, 2015 2.3k views
Ubuntu Security Firewall

So i’m about a week into my first Digital Ocean droplet and my first server ever. I got a droplet mostly to learn the ropes and host a couple services (VPN, Teamspeak, SSH). I checked out the auth.log yesterday and noticed that someone is trying to gain access to my server (I think using brute force?). This is what my auth.log file looks like and has been going on for two days now here. I have SSH enabled so I’m pretty sure I am the only one who can gain access since I am the one who has the private key but I want to know if this person who is trying to gain access can somehow get around it or if it is causing any harm to my droplet? Also, I don’t know if it helps or not but the only user on my droplet is the root server right now and I have password authentication turned off so that you have to have the SSH key.

Add a comment
Wheatey
By:
Wheatey
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

3 answers
Kint August 24, 2015

You’re fine. As @doyle mentionned, this kind of scanning is a regular occurence on the public internet. Beebn running a personal VPS for years and my logs used to be full of failed attempts.

If you’re already using key auth only, you are fine. If you want to reduce the logs, best simple thing to do is change your port to something else. fail2ban would work here too, but changing the port is just easier.

Reply Report
doyle August 24, 2015

It happens, servers are constantly scanning for SSH servers with default passwords. All you can do is change your SSH port and install fail2ban or LFD.

Reply Report
Wheatey August 24, 2015

Thank you guys for the information, I appreciate it.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help