Web lists-archives.com

Re: Undesired ssh login attempts




On 06/10/2018 07:55 PM, deloptes wrote:
> Hi,
> I recently get many of those, which means someone found out that ssh
> external is on port 22222 and is trying to do some evil work there.
> Should I worry or do something?

> Similar for apache web server.
> I think both are secure: for ssh no users with easy password allowed to
> login and apache - no pages or stuff that would compromise.
> 
> thanks for opinion
> 
> regards
> 

Welcome to the Internet!

If you're confident of your setup, you can safely ignore them. If you're
 annoyed by the logs, you could set up something like fail2ban to block
connections from IPs that have made too many bad attempts (although this
could possibly be used to lock you out).

My recommendation is the same as Dan's, consider disabling password
login to allow only pubkey authentication. Same with the ports, I
usually don't bother with using a non-standard port since it would, at
best, only reduce the volume of attacks and not really provide any
additional security.

Same with apache, if you think your server is secure, just let it be;
there's nothing you can do, really. Maybe put your server behind some
service that stops automated/malicious access (eg. CF) if you're into
that kind of thing, I guess?

Good luck!