Results 1 to 16 of 16
  1. #1

    Brute forced ssh?

    What's the best way to cut down on people trying to brute force a VPS?

    Already got a bit of iptables magic to limit ssh attempts in a given time, but is there any else I should be doing?

    And is it worth reporting the IP's to their ISP's?

  2. #2
    Join Date
    Jan 2003
    fail2ban works excellent

    BuyVM - OpenVZ & KVM Based VPS Servers - Chat with us
    - All popular VPN methods supported
    - Affordable offloaded MySQL & DDoS protection
    - 5GB backup space, unmetered private LAN bandwidth & native IPv6 included. All with a strong serving of pony

  3. #3
    Quote Originally Posted by raininglemons View Post
    What's the best way to cut down on people trying to brute force a VPS?

    Already got a bit of iptables magic to limit ssh attempts in a given time, but is there any else I should be doing?

    And is it worth reporting the IP's to their ISP's?
    That is generally good enough, but if you want to reduce this further, you should put ssh to run on a port other than the default port.
    Phoenix Dedicated Servers --
    Email: sales [at]
    Skype: iofloodsales
    Backup Storage VPS --

  4. #4
    Join Date
    May 2006
    San Francisco
    You can also turn off password authentication entirely.

  5. #5
    Cheers guys, truth be told, never really took too much time looking at configuring ssh. Always just left it at the default.

    But changing port and turning off password auth sound like a good shout. Meanwhile fail2ban seems to be working like a dream! Cheers again!

  6. #6

    I think the easiest way is by changing the ssh port

  7. #7
    Join Date
    Nov 2009
    Change your SSH port... and just make your password secure. If you have static IP, just allow your own IP.
    Diego Rodríguez B. -
    CS Student, Geek, Software Engineer, Developer

  8. #8
    Changed the port and my password is pretty secure. Do you think it's worth auto-banning anyone that attempts to use port 22? Or is that just overkill.

    It's just checking the logs, some people are relentlessly trying to get in, they won't but just concerned it might start to affect performance etc.

  9. #9
    Join Date
    Jun 2005
    New York
    I'd recommend that you install a firewall like CSF that will automatically block IPs that have multiple failed login attempts in a short period of time. You can also take other measures like changing your default SSH port, disabling root login, etc. - Hosting websites since 1999!
    Shared Hosting, Cloud Hosting, Reseller Hosting, VPS Hosting, and Dedicated Servers
    End-User Support, WHMCS, and WHMReseller Available on Reseller Plans!
    Follow us on Twitter - new special every Sunday! @XeHost

  10. #10
    Join Date
    Mar 2005
    Labrador, Canada
    Changing the port will avoid 99% of SSH attempts. It isn't any more secure but it does greatly reduce SSH attempts.

    The down side to it is that it can be confusing for users. If you're the only SSH/SCP/SFTP user then that doesn't matter.

    And if you are the only user, considering firewalling the SSH port so it only accepts connections from your IP. If you're on a dynamic IP you can firewall it to the range -- like or - which your ISP uses for dynamic IP allocation.

    Otherwise, fail2ban is a good choice.

  11. #11
    Yes, firewall is not needed to avoid the brute force attack but it definitely can improve your VPS security with firewall installed. Changing SSH port, disable the root login and enable the brute force protection is more than enough to avoid the brute force on SSH.

  12. #12
    Join Date
    Apr 2010
    on WHT
    Firewall is good and makes your VPS more secure.

  13. #13
    Join Date
    Jan 2011
    Expanding on sleddog's suggestion, you can also build yourself a SSH gateway on a $1 vps from BuyVM or another bare-metal provider. This will give you a dedicated IP out there to use when you're on the road. Allow SSH only from that (and your own computer). The gateway will also allow you to give access to another trusted person.

    Just remember not to publish the ip on your dns records. Most automated sniffers would just move on past it after its first few attempts.

  14. #14
    Join Date
    Jan 2011
    If you're the only user, it's probably also worth disabling password login entirely and setting up authentication key login.

  15. #15
    Join Date
    Jan 2011
    I actually just changed my SSH port, and removed root direct login.. It was really simple, and painless. Just dont forget to restart SSH server

  16. #16
    Join Date
    Apr 2009
    There's a tutorial about secure SSH here


Similar Threads

  1. Server compromised SSH brute attack
    By Boinkys in forum Hosting Security and Technology
    Replies: 5
    Last Post: 01-21-2011, 03:10 AM
  2. vps being brute forced
    By elvis1 in forum VPS Hosting
    Replies: 47
    Last Post: 12-10-2010, 12:45 AM
  3. Is It a SSH Brute Force?
    By arda000 in forum Hosting Security and Technology
    Replies: 10
    Last Post: 08-25-2010, 03:16 AM
  4. What is the best way to prevent against Brute Force on ssh?
    By OneBinary in forum Hosting Security and Technology
    Replies: 6
    Last Post: 04-01-2006, 11:20 AM
  5. SSH Brute force attack going around.
    By zinet in forum Dedicated Server
    Replies: 11
    Last Post: 09-20-2004, 06:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts