Stuck. Need help with SSH/OpenSSH/Console

April 23, 2016

I'm in one hell of a pickle. I am completely new to all of this. I'm using DigitalOcean to host my SocialEngine website. We hired a "programmer" to build the site for us and set everything up. As it turns out, he actually knew less than me. Recently I've been experiencing what I believe to be an SSH brute force attack. My site keeps crashing because of failed login attempts from random emails and IPs. I created a DigitalOcean support ticket but all I got was tutorials and step-by-step guides on how to set up SSH keys and stuff like that. I followed everything, I'm just very confused and the attacks are still happening. How do I stop this? I'm using my console from my DigitalOcean droplet but apparently that's wrong? I think I downloaded OpenSSH but I'm not sure how to access it. Please... any help will be greatly appreciated.

  • What exactly do you mean by "failed login attempts from random emails"? If these are SSH login attempts, you won't see any e-mail addresses. Also, by "crashing," do you mean that the login attempts are putting the server under so much load that it becomes unresponsive (i.e., you're being DOSed)? That's not something that normally happens to a random nobody's website; did you (or possibly a previous user of your server's IP address) piss someone off?

  • Thanks for your response. It all started when I went to my website to check the activity and noticed it was loading. It just simply didn't load. The site was down. DigitalOcean didn't help much. The only thing I was able to get from them was that the memory was being taken up. I noticed that the page views on my website were in the thousands. We're still in beta and I wondered why we had so many page views. I saw that we kept getting 20 page views every couple seconds. I browsed through my admin panel and noticed that in my Login History there were thousands of email addresses that were labeled "Failed Login Attempts". That's where the page views were coming from. It only stopped after I put my site in maintenance mode. We don't have any grudges or issues with anyone at all.

1 Answer

Hi, is this a WordPress site or another popular app? It's fairly common for bots to do brute force login attempts on every website they can find. So, it's unlikely to be a targeted attack against your site.

Even if you know your passwords are secure, since you're noticing memory consumption issues as a result, you probably want to block these attacks. You could try one of these tools to block brute force attacks on WordPress. Some of those, like CloudFlare, are useful even if you're not using WordPress.

  • Hey, thanks for the comment. This is a SocialEngine site. It's a white label social networking platform. I'm actually using CloudFlare as of last night. But the page views keep racking up. I know it's not actual users because my website is still in a closed beta. The page views only stop when the maintenance page is up.
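
An added example, not written by anyone in this thread: the open question above is whether the failed logins hit SSH or the site's own login form, and the server's logs can answer that. This Python sketch counts sshd password failures per IP from auth.log lines and finds IPs sending bursts of POSTs to the web login form in combined-format access log lines; the `/login` path, the thresholds and every sample line are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

LOGIN_PATH = "/login"  # assumption: replace with the app's real login URL
# Apache/nginx "combined" access log line: ip, timestamp, method, path, status
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} ')
# OpenSSH password failure as written to /var/log/auth.log on Ubuntu
SSHD_RE = re.compile(r'sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port')

def web_login_bursts(lines, window=timedelta(seconds=10), threshold=5):
    """Map each IP to its peak count of login POSTs inside `window`, if >= threshold."""
    times = {}
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        times.setdefault(m["ip"], []).append(ts)
    bursts = {}
    for ip, stamps in times.items():
        stamps.sort()
        start = peak = 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[ip] = peak
    return bursts

def ssh_failures(lines):
    """Count failed SSH password attempts per source IP."""
    return Counter(m["ip"] for m in map(SSHD_RE.search, lines) if m)

# Constructed sample lines using documentation IP ranges, not data from the thread.
ACCESS_LOG = [
    f'203.0.113.7 - - [23/Apr/2016:10:00:{s:02d} +0000] "POST /login HTTP/1.1" 200 512 "-" "bot"'
    for s in range(0, 12, 2)
] + [
    '198.51.100.4 - - [23/Apr/2016:10:00:03 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [23/Apr/2016:10:00:05 +0000] "GET /members/home HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]
AUTH_LOG = [
    'Apr 23 10:00:01 droplet sshd[1201]: Failed password for invalid user admin from 192.0.2.50 port 40022 ssh2',
    'Apr 23 10:00:04 droplet sshd[1203]: Failed password for root from 192.0.2.50 port 40031 ssh2',
    'Apr 23 10:00:09 droplet sshd[1207]: Accepted publickey for deploy from 198.51.100.4 port 51514 ssh2',
]

if __name__ == "__main__":
    print("web login bursts:", web_login_bursts(ACCESS_LOG))
    print("ssh failures:", dict(ssh_failures(AUTH_LOG)))
```

Entries in the web result mean the traffic is hitting the application's login form, which SSH key setup does not affect; entries in the SSH result are what key-only authentication addresses.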
