Results 1 to 8 of 8
  1. #1
    Join Date
    Nov 2011
    Calgary, Alberta, Canada

    Question Numerous hacking attempts with

    I got a dedicated server from a couple weeks ago now and installed CSF. Since getting the server, I am receiving notifications every few hours or so that XYZ IP address was trying to login via SSH, portscanning, etc. The IP addresses are from all over the place (including USA, China, Canada, India, Korea, and Phillipines) and seem to be from either compromised servers or cheap VPS providers. I have the root login disabled and I am considering changing the SSH port to something other then 22. I was wondering if this is normal for servers or is my IP address just being targeted for whatever reason?
    Little Apps
    Open Source Software

  2. Re: Numerous hacking attempts with

    It has nothing to do with ovh, it's random port scanning, and such.
    Also you should change ssh port, this will remove lots of alerts in csf.
    We have servers in differents DCs and this happens in all of them.
    Hostabulous | cPanel (Linux) & Plesk (Windows) Hosting KVM VPS R1Soft backups | Proudly Canadian
    Cloudflare LiteSpeed Cloudlinux Remote backups Anti-Spam Web App Firewall Canada/US/Germany

  3. #3
    Join Date
    Dec 2011
    I've never seen a server not being port scanned, so it's pretty normal - run ssh on another port, or use port knocking, and have port 22 closed by default.

  4. #4
    This is normal behavior. In addition to changing SSH port, I also recommend to SSH access to your home/office IPs only.
    || Web Hosting Blog - Web Hosting security & latest web hosting industry Announcements
    || Web Hosting Discussion - A Web Hosting community

  5. #5
    Join Date
    Nov 2011
    Calgary, Alberta, Canada
    Quote Originally Posted by Kailash12 View Post
    I also recommend to SSH access to your home/office IPs only.
    Problem with that is my IP address is dynamic so if I restrict it to this IP address, then tomorrow it can all of a sudden change and I'm stuck having to wipe the server cause there's no KVM access.
    Little Apps
    Open Source Software

  6. #6
    Join Date
    Nov 2013
    And of course the most important fix which is moving from password to key based authentication, in addition to moving from port 22.

  7. #7
    Join Date
    May 2004
    Simply changing the SSH port stops most SSH login attempts dead, they all try on the default port. Cannot even remember the last time CSF alerted me about SSH. Of course this will not work if a person and not a bot is targeting your server, but hopefully this is obvious (and not the intended purpose of changing the port anyway).

  8. #8
    Changing the SSH port number will resolve the issue.

    You can Allow specific user to login via SSH:

    You should not permit root logins via SSH, because this is a big and unnecessary security risk. If an attacker gains root login for your system, he can do more damage than if he gains normal user login. Configure SSH server so that root user is not allowed to log in. Find the line that says:

    PermitRootLogin yes

    Change yes to no and restart the service. You can then log in with any other defined user and switch to user root if you want to become a superuser.

Similar Threads

  1. Hacking attempts are on the rise...
    By gpl24 in forum Hosting Security and Technology
    Replies: 6
    Last Post: 08-27-2008, 05:14 AM
  2. Hacking attempts?
    By azism in forum Hosting Security and Technology
    Replies: 2
    Last Post: 08-23-2008, 07:27 PM
  3. Hacking attempts from
    By Darren E in forum Hosting Security and Technology
    Replies: 7
    Last Post: 03-15-2008, 08:52 AM
  4. Daily Hacking Attempts
    By dvd871 in forum VPS Hosting
    Replies: 13
    Last Post: 10-15-2007, 04:22 AM
  5. Constant hacking attempts
    By dbbrock1 in forum Web Hosting
    Replies: 12
    Last Post: 09-26-2002, 03:48 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts