Question

Stuck. Need help with SSH/OpenSSH/Console

I’m in one hell of a pickle. I am completely new to all of this. I’m using digital ocean to host my social engine website. We hired a “programmer” to build the site for us and set everything up. As it turns out, he actually knew less than me. Recently I’ve been experiencing what I believe to be a SSH Brute Force attack. My site keeps crashing because of failed login attempts from random emails and IP’s. I created a Digital Ocean support ticket but all I got was tutorials and step by step guides on how to set up SSH keys and stuff like that. I followed everything, i’m just very confused and the attacks are still happening. How do I stop this? I’m using my console from my Digital Ocean droplet but apparently that’s wrong? I think I downloaded OpenSSH but i’m not sure how to access it. Please…any help will be greatly appreciated.

Subscribe
Share

Thanks for your response. It all started when I went to my website to check the activity and noticed it was loading. It just simply didn’t load. The site was down. DigitalOcean didn’t help much. The only thing I was able to get from them was that the memory was being taken up. I noticed that the page views on my website were in the thousands. We’re still in beta and I wondered why we had so many page views. I saw that we kept getting 20 page views every couple seconds. I browsed through my admin panel and noticed that in my Login History there were thousands of email addresses that were labeled “Failed Login Attempts”. That’s where the page views were coming from. It only stopped after I put my site in maintenance mode. We don’t have any grudges or issues with anyone at all.

What exactly do you mean by “failed login attempts from random emails”? If these are SSH login attempts, you won’t see any e-mail addresses. Also, by “crashing,” do you mean that the login attempts are putting the server under so much load that it becomes unresponsive (i.e., you’re being DOSed)? That’s not something that normally happens to a random nobody’s website; did you (or possibly a previous user of your server’s IP address) piss someone off?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi, is this a WordPress site or another popular app? It’s fairly common for bots to do brute force login attempts on every website they can find. So, it’s unlikely to be a targeted attack against your site.

Even if you know your passwords are secure, since you’re noticing memory consumption issues as a result, you probably want to block these attacks. You could try one of these tools to block brute force attacks on WordPress. Some of those, like CloudFlare, are useful even if you’re not using WordPress.