Security: many break-in attempts on new Linode
I'm new to Linode and have installed Logwatch. I've followed all the usual security settings (iptables, fail2ban, lock down ssh, etc.) and my daily Logwatch report is a file with about two thousand lines, mostly failed break-in attempts looking like this:
message repeated 4 times: [ Failed password for root from 222.186.34.73 port 2074 ssh2] : 1 time(s)
(it's never more than "4 times")
Is this normal? Is there something else I should be doing about this?
There are also about a dozen entries like this:
Failed logins from:
222.186.34.73: 506 times
root/password: 506 times
…and:
Illegal users from:
83.165.159.107 (107.159.165.83.dynamic.reverse-mundo-r.com): 69 times
admin: 21 times
…So I'm wondering if there's anything else that can be done about these attempted break-ins…
Useful help is appreciated…
3 Replies
PermitRootLogin no
# Upload a public key and disable other authentication methods
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
PasswordAuthentication no
I'm new to security on a server …was lots of work at first but my sites are quite secure now.
This does not help against someone scanning for open ports, but it helps against automated attacks at port 22, so that reduces hits to sshd by 80%.
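Added example, not part of the original thread: a small parser that tallies failed SSH password attempts per source address and expands the "message repeated N times" lines quoted in the question, so the counts match what actually hit sshd. The log lines are constructed (the two attacker IPs are the ones quoted above; timestamps, hostname, PIDs and the `deploy` user are made up), and `tally` / `over_threshold` are illustrative names.

```python
import re
from collections import Counter

# Constructed sample in the syslog format sshd messages usually take in auth.log.
SAMPLE_LOG = """\
Mar  3 04:11:02 host sshd[2101]: Failed password for root from 222.186.34.73 port 2074 ssh2
Mar  3 04:11:09 host sshd[2101]: message repeated 4 times: [ Failed password for root from 222.186.34.73 port 2074 ssh2]
Mar  3 04:12:40 host sshd[2117]: Invalid user admin from 83.165.159.107
Mar  3 04:12:42 host sshd[2117]: Failed password for invalid user admin from 83.165.159.107 port 51122 ssh2
Mar  3 04:13:05 host sshd[2120]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
"""

# syslog collapses identical consecutive messages into one "repeated" line.
REPEAT = re.compile(r"message repeated (\d+) times: \[\s*(.*)\]\s*$")
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def tally(log_text):
    """Return (attempts per IP, attempts per (IP, user)) for failed passwords."""
    by_ip, by_user = Counter(), Counter()
    for line in log_text.splitlines():
        count = 1
        rep = REPEAT.search(line)
        if rep:
            # One collapsed line stands for N real attempts.
            count, line = int(rep.group(1)), rep.group(2)
        hit = FAILED.search(line)
        if hit:
            user, ip = hit.groups()
            by_ip[ip] += count
            by_user[(ip, user)] += count
    return by_ip, by_user


def over_threshold(by_ip, limit):
    """Source addresses with at least `limit` failed attempts."""
    return sorted(ip for ip, n in by_ip.items() if n >= limit)


if __name__ == "__main__":
    ips, users = tally(SAMPLE_LOG)
    for ip, n in ips.most_common():
        print(f"{ip}: {n} failed password attempts")
    print("at or over limit of 5:", over_threshold(ips, 5))
```

With `PasswordAuthentication no` in place, as in the reply above, "Failed password" lines should stop appearing for new connections, so a non-empty tally after the change is a sign the setting is not in effect.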