Hello, I recently got myself into an unmanaged VPS package and I noticed countless attempts to ssh into the system in my log files. After a bit of searching, fail2ban looked like a good way to ban the brute force attacks automatically.
My question is what should I configure it with? There's the option for iptables or hosts.deny. I've read that iptables is not fully supported under Virtuozzo, but the stuff I've read is a bit dated. Are there still some issues with iptables under Virtuozzo?
What I'm using now:
* Virtuozzo 3 - not sure on exact version. Whatever SolarVPS is using.
* Signed up with centos4
* uname -r = 2.6.9-022stab078.14-enterprise
I know this thread is extremely old, but still it could be helpful to someone else getting brute force attacks over SSH.
A good piece of software to use would be DenyHosts. It is software that will parse your log files for failed SSH login attempts. If an IP address tries too many invalid passwords, DenyHosts will add the IP to /etc/hosts.deny, or whatever file you specify, depending on your OS.
Might be worth looking at, it's pretty reliable. Just Google "DenyHosts", I would post a link but have to make a few more posts first.
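The log-parsing approach described in the post above, as an added example that is not part of the original thread and is not DenyHosts' own code. The log line format, the threshold of 3 and the function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the style of sshd entries in /var/log/secure (not real logs).
SAMPLE_LOG = """\
Mar  3 04:12:01 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 04:12:03 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 04:12:05 vps sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40150 ssh2
Mar  3 04:13:10 vps sshd[2110]: Failed password for alice from 198.51.100.23 port 51822 ssh2
Mar  3 04:13:15 vps sshd[2110]: Accepted password for alice from 198.51.100.23 port 51822 ssh2
Mar  3 04:14:00 vps sshd[2120]: Invalid user test from 192.0.2.55
Mar  3 04:14:02 vps sshd[2120]: Failed password for invalid user test from 192.0.2.55 port 33001 ssh2
Mar  3 04:14:09 vps sshd[2125]: Failed password for invalid user x from 10.9.9.9 from 192.0.2.55 port 33020 ssh2
"""

# The user name is chosen by the remote side, so anchor on the end of the line:
# the address sshd itself appends is the last "from <ip> port <n> ssh2" before "$".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def count_failures(log_text):
    """Return a Counter of failed password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group(1)] += 1
    return counts

def deny_entries(log_text, threshold=3, allow=(), already_denied=()):
    """Build hosts.deny lines for IPs at or over threshold, skipping allowed ones."""
    skip = set(allow) | set(already_denied)
    counts = count_failures(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in skip]

if __name__ == "__main__":
    # Lines that would be appended to /etc/hosts.deny; your own address goes in allow.
    for entry in deny_entries(SAMPLE_LOG, allow={"198.51.100.23"}):
        print(entry)
```

The last sample line carries a user name containing "from 10.9.9.9"; because the pattern is anchored at the end of the line, the failure is counted against the real source address and the embedded one is never blocked.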
Personally, what we do is move ssh to a different port if firewalling is not practical, which it sometimes isn't. That way you will not get targeted by all of the mass scans. If you do get any, it will be from a determined attacker and you can be sure you are being targeted by someone, which is useful information, and you can block their entire IP range on all of your servers.
Seems to be a good option posted here, but if you really want to protect your server more, then disable default root access. That is, in order to access the server, first access it via a user and then log in as root from there.