Security: many break-in attempts on new Linode

Hello,

I'm new to Linode and have installed Logwatch. I've followed all the usual security settings (iptables, fail2ban, lock down ssh, etc.) and my daily Logwatch report is a file with about two thousand lines, mostly failed break-in attempts looking like this:

    message repeated 4 times: [ Failed password for root from 222.186.34.73 port 2074 ssh2] : 1 time(s)

(it's never more than "4 times")

Is this normal? Is there something else I should be doing about this?

There are also about a dozen entries like this:

    Failed logins from:
      222.186.34.73: 506 times
          root/password: 506 times

…and:

    Illegal users from:
    83.165.159.107 (107.159.165.83.dynamic.reverse-mundo-r.com): 69 times
       admin: 21 times

…So I'm wondering if there's anything else that can be done about these attempted break-ins…

Useful help is appreciated…

3 Replies

In sshd_config:

    PermitRootLogin no
    # Upload a public key and disable other authentication methods
    ChallengeResponseAuthentication no
    KbdInteractiveAuthentication no
    PasswordAuthentication no

Thanks for this advice! It was good advice; it works!

I'm new to security on a server… was lots of work at first, but my sites are quite secure now.

Another minor change that helps is to change the default port from 22 to something higher like 12555 or whatever you prefer.

This does not help against someone scanning for open ports, but it helps against automated attacks at port 22, so that reduces hits to sshd by 80%.
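
An added example, not part of the original thread or written by any of its posters: a small audit of `sshd_config` text for the settings recommended in the first reply, which also catches two easy mistakes (an earlier line overriding a later one, and a `Match` block re-enabling what was disabled). The function names, the alias handling and the sample input are assumptions made for illustration, and `Include` files are not followed.

```python
import re

# Settings recommended in the first reply; sshd keywords are case-insensitive.
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no",
            "kbdinteractiveauthentication": "no"}
# Assumption: the older keyword is an alias, as in recent OpenSSH releases.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(text):
    """Split sshd_config text into global settings and Match-block settings.
    sshd keeps the first value read for a keyword; lines after Match are conditional."""
    global_cfg, overrides, match = {}, [], None
    for raw in text.splitlines():
        parts = re.split(r"\s*=\s*|\s+", raw.strip(), maxsplit=1)
        if raw.strip().startswith("#") or len(parts) < 2 or not parts[1].strip():
            continue  # comment, blank line, or keyword without an argument
        key, value = parts[0].lower(), parts[1].strip()
        key = ALIASES.get(key, key)
        if key == "match":
            match = value
        elif match is None:
            global_cfg.setdefault(key, value)  # first occurrence wins
        else:
            overrides.append((match, key, value))
    return global_cfg, overrides

def flag(value):
    return value.split()[0].strip('"').lower()  # first token, unquoted

def audit(text):
    """List required settings that are unset, weaker, or re-enabled under Match."""
    global_cfg, overrides = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        got = global_cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set, sshd default applies")
        elif flag(got) != want:
            findings.append(f"{key}: '{flag(got)}', recommended '{want}'")
    for match, key, value in overrides:
        if key in REQUIRED and flag(value) != REQUIRED[key]:
            findings.append(f"{key}: '{flag(value)}' under 'Match {match}'")
    return findings

# Constructed sample: the first PasswordAuthentication wins, Match re-enables root.
SAMPLE = ("PermitRootLogin no\nChallengeResponseAuthentication no\n"
          "PasswordAuthentication yes\nPasswordAuthentication no\n"
          "Match Address 192.0.2.0/24\n    PermitRootLogin yes\n")
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, which is the authoritative check after editing the file.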
