Is It a SSH Brute Force?
Posted by arda000, 08-24-2010, 05:32 AM |
I've just typed tail -n 130 var/log/secure
and I saw a lot of IPs that I don't know. Is it a SSH brute force attack? (This server is empty. No sites hosting currently)
|
Posted by sysgallery, 08-24-2010, 05:51 AM |
The best way is to install APF and BFD, or else you can block the IP that the connection attempts are coming from.
|
Posted by NetHosted-Darryl, 08-24-2010, 05:51 AM |
Yes, I suggest you install BFD - http://www.rfxn.com/projects/brute-force-detection/
|
Posted by InoxHost, 08-24-2010, 06:00 AM |
Change your ssh port as well. You can disable direct root login and can add ssh keys too. It will ensure security of your server.
|
Posted by arda000, 08-24-2010, 06:28 AM |
Thanks, I just installed APF + BFD.
A little problem is:
I've just started APF and I cannot reach directadmin:2222
in /etc/apf/conf.apf where do I have to add port 2222 ??
Thanks
|
Posted by sysgallery, 08-24-2010, 06:32 AM |
A detailed description is at
http://www.directadmin.com/forum/showthread.php?t=14500
|
Posted by arda000, 08-24-2010, 06:36 AM |
Thanks
I've got mail from BFD, and it sent me the list of attacker IPs.
How can I block these attacker IPs on BFD?
|
Posted by WHR-Abner, 08-24-2010, 07:37 AM |
Hi,
You can do this through the command line using the command apf -d . Check apf --help for more options. Also, mod_evasive will automatically block IPs if they open too many connections.
|
Posted by haind, 08-24-2010, 10:56 AM |
Change the SSH port to another one, above 1000, such as 8888.
|
Posted by arda000, 08-24-2010, 12:04 PM |
To change the port, do I have to delete the "#" before port xxx?
And for example, I changed my port to 350. In the terminal I will log in like:
Is that right?
By the way, do I have to remove port 22 and add port 530 on APF?
|
Posted by haind, 08-25-2010, 03:16 AM |
Yes, I recommend you change to a high port, > 1000.
|
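Added example, not part of any post in this thread: one way to answer the original question from /var/log/secure itself is to count sshd "Failed password" lines per source address. It assumes the stock OpenSSH log wording; the function names, the threshold argument and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source IP.
# Assumes stock OpenSSH wording:
#   "Failed password for [invalid user] NAME from IP port N ssh2"

# failed_by_ip: sshd log lines on stdin -> "count ip" lines, busiest source first.
failed_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is client-supplied and may itself contain "from x.x.x.x",
            # so search backwards: the last "from" is the one sshd wrote.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# suspects MIN: only the addresses with at least MIN failures (MIN is a site choice).
suspects() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample lines (documentation address ranges, not real log data).
SAMPLE_LOG='Aug 24 05:30:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 40110 ssh2
Aug 24 05:30:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Aug 24 05:30:05 host sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
Aug 24 05:30:09 host sshd[2109]: Failed password for invalid user x from 192.0.2.1 from 203.0.113.5 port 40140 ssh2
Aug 24 05:31:12 host sshd[2150]: Failed password for alice from 198.51.100.7 port 51200 ssh2
Aug 24 05:31:20 host sshd[2152]: Accepted password for alice from 198.51.100.7 port 51204 ssh2'

printf '%s\n' "$SAMPLE_LOG" | failed_by_ip
# On a server: failed_by_ip < /var/log/secure
```

Many failures from one address across several user names, as in the first four sample lines, is the pattern that tools such as BFD act on; a single failure followed by an accepted login from the same address is usually a mistyped password.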