Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to check the disk usage of all running Docker containers? Question Question
How can I use a droplet with a VPN router? Linksys3200ACM Question Question

Question

There were 445 failed login attempts since the last successful login.

Posted September 21, 2015 11.9k views
Linux BasicsVPN

I just create a new droplet a few minutes ago, I installed nginx and setup SSH keys to conect through PuTTY, and for my surprise when I login in my SSH Console, in the message I get:

“There were 445 failed login attempts since the last successful login.”

It is very strange to me, I create my droplet a few minute ago, It will be any hacker with bruteforce trying a invasion??

Add a comment
nayzash
By:
nayzash

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to check the disk usage of all running Docker containers? Question Question
How can I use a droplet with a VPN router? Linksys3200ACM Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
prudentmav September 21, 2015

Sounds like you should take care of a few things. If you are using SSH keys, remove password login. Then install Fail2ban.

in /etc/ssh/sshd_config change the following lines so they match this:
ChallengeResponseAuthentication no
PasswordAuthentication no

Then follow the steps in the “Configuring a Basic Firewall” section here - https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-ubuntu-14-04-servers

Then install Fail2ban - https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04

This is all assuming you are using Ubuntu 14.04

How To Protect SSH with Fail2Ban on Ubuntu 14.04
by Justin Ellingwood
Fail2ban is a daemon that can be run on your server to dynamically block clients that fail to authenticate correctly with your services repeatedly. This can help mitigate the affect of brute force attacks and illegitimate users of your services. In this guide, we'll show demonstrate how to install and configure fail2ban to protect SSH and Nginx on an Ubuntu 14.04 server.
Reply Report
Woet September 21, 2015

Yes, bruteforcing SSH is very common. Disable password authentication and use public keys.

Reply Report

Related

Looking for something else?

Ask a new question Search for more help