Server Fault Asked by João Cerqueira on October 27, 2020
I’ve currently 3 servers with SSH service being attacked by brute force. The attack is from multiple sources or one who’s changing his IP with each attempt performed.
I need help to stop current attacks and protect/prevent from future ones.
I’ve already setup fail2ban in one machine after following (quickly) this guide: How to protect SSH with Fail2Ban on Ubuntu 14.04 but I haven’t saw any improvements by doing so.
Please, I really need help on this as there are sensitive services running in every machine which can not go down and these attacks are sucking machines’ resources.
Thanks in advance, best regards.
P.S.: I know there are several questions/answers on this topic but couldn’t find any suitable answer to help me…
Visit my website and check this tutorial. No, I will not paste my tutorial here, because it is a total nonsense. In the tutorial I explain how to block over 260 thousands bad IP addresses.
Additionally this tutorial: fail2ban – installation and configuration
One more is worth which explains how to use Cloudflare and how to generate RSA keys for SSH. I totally disabled password login in sshd_config
Answered by Sysadmin on October 27, 2020
You can change SSH port to a non-standard one, and then drop all packets coming to SSH port 22
. This way the attacker's connection attempts all time out, which causes them to use more time for each attempt.
If you are using some automatic scripts to connect to your server via SSH, then you need to reconfigure those.
SSH port is configured under /etc/ssh/sshd_config
.
However, if attackers port scan your server, they will find out the new port.
If you don't access the server from everywhere, then you allow only IP addresses where you use this server, and drop packets from all other IP addresses.
Answered by Tero Kilkanen on October 27, 2020
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP