Question

There were 445 failed login attempts since the last successful login.

Posted September 21, 2015 8.1k views
Linux Basics VPN

I just create a new droplet a few minutes ago, I installed nginx and setup SSH keys to conect through PuTTY, and for my surprise when I login in my SSH Console, in the message I get:

“There were 445 failed login attempts since the last successful login.”

It is very strange to me, I create my droplet a few minute ago, It will be any hacker with bruteforce trying a invasion??

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

2 answers

Sounds like you should take care of a few things. If you are using SSH keys, remove password login. Then install Fail2ban.

in /etc/ssh/sshd_config change the following lines so they match this:
ChallengeResponseAuthentication no
PasswordAuthentication no

Then follow the steps in the “Configuring a Basic Firewall” section here - https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-ubuntu-14-04-servers

Then install Fail2ban - https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04

This is all assuming you are using Ubuntu 14.04

by Justin Ellingwood
Fail2ban is a daemon that can be run on your server to dynamically block clients that fail to authenticate correctly with your services repeatedly. This can help mitigate the affect of brute force attacks and illegitimate users of your services. In this guide, we'll show demonstrate how to install and configure fail2ban to protect SSH and Nginx on an Ubuntu 14.04 server.

Yes, bruteforcing SSH is very common. Disable password authentication and use public keys.

Submit an Answer