Results 1 to 16 of 16
  1. #1

    Brute forced ssh?

    What's the best way to cut down on people trying to brute force a VPS?

    Already got a bit of iptables magic to limit ssh attempts in a given time, but is there any else I should be doing?

    And is it worth reporting the IP's to their ISP's?

  2. #2
    Join Date
    Jan 2003
    Location
    Canada
    Posts
    4,845
    fail2ban works excellent

    Francisco
    BuyVM - OpenVZ & KVM Based VPS Servers - Chat with us
    - All popular VPN methods supported
    - Affordable offloaded MySQL & DDoS protection
    - 5GB backup space, unmetered private LAN bandwidth & native IPv6 included. All with a strong serving of pony

  3. #3
    Quote Originally Posted by raininglemons View Post
    What's the best way to cut down on people trying to brute force a VPS?

    Already got a bit of iptables magic to limit ssh attempts in a given time, but is there any else I should be doing?

    And is it worth reporting the IP's to their ISP's?
    That is generally good enough, but if you want to reduce this further, you should put ssh to run on a port other than the default port.
    Phoenix Dedicated Servers -- IOFLOOD.com
    Email: sales [at] ioflood.com
    Skype: iofloodsales
    Backup Storage VPS -- 1TBVPS.com

  4. #4
    Join Date
    May 2006
    Location
    San Francisco
    Posts
    7,200
    You can also turn off password authentication entirely.

  5. #5
    Cheers guys, truth be told, never really took too much time looking at configuring ssh. Always just left it at the default.

    But changing port and turning off password auth sound like a good shout. Meanwhile fail2ban seems to be working like a dream! Cheers again!

  6. #6
    Hello,

    I think the easiest way is by changing the ssh port

  7. #7
    Join Date
    Nov 2009
    Location
    Colombia
    Posts
    2,143
    Change your SSH port... and just make your password secure. If you have static IP, just allow your own IP.
    Diego Rodríguez B. - https://diegorbaquero.com
    CS Student, Geek, Software Engineer, Developer

  8. #8
    Changed the port and my password is pretty secure. Do you think it's worth auto-banning anyone that attempts to use port 22? Or is that just overkill.

    It's just checking the logs, some people are relentlessly trying to get in, they won't but just concerned it might start to affect performance etc.

  9. #9
    Join Date
    Jun 2005
    Location
    New York
    Posts
    2,882
    I'd recommend that you install a firewall like CSF that will automatically block IPs that have multiple failed login attempts in a short period of time. You can also take other measures like changing your default SSH port, disabling root login, etc.
    XeHost.net - Hosting websites since 1999!
    Shared Hosting, Cloud Hosting, Reseller Hosting, VPS Hosting, and Dedicated Servers
    End-User Support, WHMCS, and WHMReseller Available on Reseller Plans!
    Follow us on Twitter - new special every Sunday! @XeHost

  10. #10
    Join Date
    Mar 2005
    Location
    Labrador, Canada
    Posts
    951
    Changing the port will avoid 99% of SSH attempts. It isn't any more secure but it does greatly reduce SSH attempts.

    The down side to it is that it can be confusing for users. If you're the only SSH/SCP/SFTP user then that doesn't matter.

    And if you are the only user, considering firewalling the SSH port so it only accepts connections from your IP. If you're on a dynamic IP you can firewall it to the range -- like 192.168.1.0/24 or 192.168.0.0/16 - which your ISP uses for dynamic IP allocation.

    Otherwise, fail2ban is a good choice.

  11. #11
    Yes, firewall is not needed to avoid the brute force attack but it definitely can improve your VPS security with firewall installed. Changing SSH port, disable the root login and enable the brute force protection is more than enough to avoid the brute force on SSH.

  12. #12
    Join Date
    Apr 2010
    Location
    on WHT
    Posts
    106
    Firewall is good and makes your VPS more secure.

  13. #13
    Join Date
    Jan 2011
    Location
    Canada
    Posts
    934
    Expanding on sleddog's suggestion, you can also build yourself a SSH gateway on a $1 vps from BuyVM or another bare-metal provider. This will give you a dedicated IP out there to use when you're on the road. Allow SSH only from that (and your own computer). The gateway will also allow you to give access to another trusted person.

    Just remember not to publish the ip on your dns records. Most automated sniffers would just move on past it after its first few attempts.

  14. #14
    Join Date
    Jan 2011
    Posts
    33
    If you're the only user, it's probably also worth disabling password login entirely and setting up authentication key login.

  15. #15
    Join Date
    Jan 2011
    Location
    Ohio
    Posts
    467
    I actually just changed my SSH port, and removed root direct login.. It was really simple, and painless. Just dont forget to restart SSH server

  16. #16
    Join Date
    Apr 2009
    Posts
    50
    There's a tutorial about secure SSH here

    _http://www.mysql-apache-php.com/ssh-attacks.htm

Similar Threads

  1. Server compromised SSH brute attack
    By Boinkys in forum Hosting Security and Technology
    Replies: 5
    Last Post: 01-21-2011, 03:10 AM
  2. vps being brute forced
    By elvis1 in forum VPS Hosting
    Replies: 47
    Last Post: 12-10-2010, 12:45 AM
  3. Is It a SSH Brute Force?
    By arda000 in forum Hosting Security and Technology
    Replies: 10
    Last Post: 08-25-2010, 03:16 AM
  4. What is the best way to prevent against Brute Force on ssh?
    By OneBinary in forum Hosting Security and Technology
    Replies: 6
    Last Post: 04-01-2006, 11:20 AM
  5. SSH Brute force attack going around.
    By zinet in forum Dedicated Server
    Replies: 11
    Last Post: 09-20-2004, 06:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •