Power up with new SaaS Add-Ons from the DigitalOcean Marketplace

Related

Installing PHP-FPM with Apache2 on Ubuntu 12.10
Question
Ubuntu mail server using ISPConfig 3 setup errors
Question

Question

Someone is trying to gain access, how do I stop it?

So i’m about a week into my first Digital Ocean droplet and my first server ever. I got a droplet mostly to learn the ropes and host a couple services (VPN, Teamspeak, SSH). I checked out the auth.log yesterday and noticed that someone is trying to gain access to my server (I think using brute force?). This is what my auth.log file looks like and has been going on for two days now here. I have SSH enabled so I’m pretty sure I am the only one who can gain access since I am the one who has the private key but I want to know if this person who is trying to gain access can somehow get around it or if it is causing any harm to my droplet? Also, I don’t know if it helps or not but the only user on my droplet is the root server right now and I have password authentication turned off so that you have to have the SSH key.

Subscribe
Share
doyleAugust 24, 2015

This comment has been deleted

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Joël DinelAugust 24, 2015

You’re fine. As @doyle mentionned, this kind of scanning is a regular occurence on the public internet. Beebn running a personal VPS for years and my logs used to be full of failed attempts.

If you’re already using key auth only, you are fine. If you want to reduce the logs, best simple thing to do is change your port to something else. fail2ban would work here too, but changing the port is just easier.

Joël DinelAugust 24, 2015

You’re fine. As @doyle mentionned, this kind of scanning is a regular occurence on the public internet. Beebn running a personal VPS for years and my logs used to be full of failed attempts.

If you’re already using key auth only, you are fine. If you want to reduce the logs, best simple thing to do is change your port to something else. fail2ban would work here too, but changing the port is just easier.

doyleAugust 24, 2015

It happens, servers are constantly scanning for SSH servers with default passwords. All you can do is change your SSH port and install fail2ban or LFD.

WheateyAugust 24, 2015

Thank you guys for the information, I appreciate it.

Join the DigitalOcean CommunityCommunity

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner

Related

Installing PHP-FPM with Apache2 on Ubuntu 12.10
Question
Ubuntu mail server using ISPConfig 3 setup errors
Question
Join the DigitalOcean CommunityCommunity

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner