TransWikia.com

Stop and prevent brute force attacks on Ubuntu 14.04

Server Fault Asked by João Cerqueira on October 27, 2020

I currently have 3 servers whose SSH service is being attacked by brute force. The attack is from multiple sources, or from one who’s changing his IP with each attempt performed.

I need help to stop current attacks and protect/prevent from future ones.

I’ve already set up fail2ban on one machine after following (quickly) this guide: How to protect SSH with Fail2Ban on Ubuntu 14.04, but I haven’t seen any improvements by doing so.

Please, I really need help on this, as there are sensitive services running on every machine which cannot go down, and these attacks are sucking machines’ resources.

Thanks in advance, best regards.

P.S.: I know there are several questions/answers on this topic but couldn’t find any suitable answer to help me…

2 Answers

Visit my website and check this tutorial. No, I will not paste my tutorial here, because it is a total nonsense. In the tutorial I explain how to block over 260 thousand bad IP addresses.

Sysadmin - Administration, security and hardening of Linux - Using blocklist with iptables and firewalld

Additionally this tutorial: fail2ban – installation and configuration

One more is worth reading, which explains how to use Cloudflare and how to generate RSA keys for SSH. I totally disabled password login in sshd_config.

SSH RSA

Answered by Sysadmin on October 27, 2020

You can change the SSH port to a non-standard one, and then drop all packets coming to SSH port 22. This way the attacker's connection attempts all time out, which causes them to use more time for each attempt.

If you are using some automatic scripts to connect to your server via SSH, then you need to reconfigure those.

SSH port is configured under /etc/ssh/sshd_config.

However, if attackers port scan your server, they will find out the new port.

If you don't access the server from everywhere, then you can allow only the IP addresses from which you use this server, and drop packets from all other IP addresses.

Answered by Tero Kilkanen on October 27, 2020
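The allowlist-and-drop approach from the answer above, as an added example that is not part of the original answer: a shell function that prints, without applying, the matching iptables rules. The function name `ssh_rules`, port 2222 and the source addresses are constructed sample values, and sshd must separately be set to the same Port in /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the approach above.
# NEW_PORT and the allowlisted sources below are constructed sample values.

# ssh_rules NEW_PORT SOURCE...
# Emits rules that accept SSH on NEW_PORT only from the listed sources and
# silently drop everything else, including all traffic to the old port 22.
ssh_rules() {
    port=$1
    # Accept only 1-5 digit numbers, so the numeric tests below are safe.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    # Refuse out-of-range ports, and port 22 itself, because the last rule
    # drops every packet sent to 22.
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ "$port" -eq 22 ]; then
        echo "invalid port: $port" >&2
        return 1
    fi
    shift
    # An empty allowlist would lock everyone out, so require one source.
    if [ "$#" -eq 0 ]; then
        echo "no allowed source addresses given" >&2
        return 1
    fi
    # Keep sessions that are already open (including the one applying this).
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport $port -j ACCEPT"
    done
    # DROP rather than REJECT, so unwanted connection attempts time out.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# Constructed sample: one office network and one admin host (RFC 5737 ranges).
ssh_rules 2222 203.0.113.0/24 198.51.100.7
```

Review the printed rules before running them as root, and keep an existing SSH session open while testing a new connection. Rules added with `iptables -A` do not survive a reboot unless they are saved separately.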
