Someone is trying to gain access, how do I stop it?

August 24, 2015 687 views
Firewall Security Ubuntu

So i'm about a week into my first Digital Ocean droplet and my first server ever. I got a droplet mostly to learn the ropes and host a couple services (VPN, Teamspeak, SSH). I checked out the auth.log yesterday and noticed that someone is trying to gain access to my server (I think using brute force?). This is what my auth.log file looks like and has been going on for two days now here. I have SSH enabled so I'm pretty sure I am the only one who can gain access since I am the one who has the private key but I want to know if this person who is trying to gain access can somehow get around it or if it is causing any harm to my droplet? Also, I don't know if it helps or not but the only user on my droplet is the root server right now and I have password authentication turned off so that you have to have the SSH key.

3 Answers

It happens, servers are constantly scanning for SSH servers with default passwords. All you can do is change your SSH port and install fail2ban or LFD.

You're fine. As @doyle mentionned, this kind of scanning is a regular occurence on the public internet. Beebn running a personal VPS for years and my logs used to be full of failed attempts.

If you're already using key auth only, you are fine. If you want to reduce the logs, best simple thing to do is change your port to something else. fail2ban would work here too, but changing the port is just easier.

Thank you guys for the information, I appreciate it.

Have another answer? Share your knowledge.