[tor-relays] Relay failed logins
Spiros Andreou
mail at spiros.io
Sat Feb 24 19:54:42 UTC 2018
Hi Olaf,
SSH brute force attacks are commonplace on any internet facing server with port 22 open. You have a number of countermeasure options:
1) install fail2ban which will block anyone who fails a login 3 times
2) move SSH to a non standard port (preferably >1000)
3) reconfigure SSH to only allow login with keys instead of passwords - generate and successfully test login with a key first before you set this option
4) change the firewall to only allow logins from a specified IP address (yours if you have a static IP)
I recommend if you can that you implement all of these measures as they will improve your security and stop the attacks filling up your logfiles.
S
On February 24, 2018 7:36:16 PM UTC, Olaf Grimm <jeep665 at posteo.de> wrote:
>Dear guys,
>
>
>I am now on my server with SSH and get the message during login:
>
>...
>
>Last failed login: Sat Feb 24 14:22:47 EST 2018 from 5.188.10.179 on
>ssh:notty
>There were 1343 failed login attempts since the last successful login.
>
>...
>
>
>This simple relay (no exit) is online since less days. Location
>Moldavia
>/ Trabia Network; VPS
>
>Is this amount of attacks regular? In the past i had a log file of 12MB
>on an other server - all failed logins.
>
>It is not a problem. It is only for my feeling "Ok, That's right!".
>
>Nickname node49c
>
>
>Olaf
>
>
>_______________________________________________
>tor-relays mailing list
>tor-relays at lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
--
Spiros Andreou
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180224/9ae16542/attachment-0001.html>
More information about the tor-relays
mailing list