SSH2 login attempts when port should be blocked?

Discussion in 'General' started by FeraTechInc, May 2, 2007.

  1. FeraTechInc

    FeraTechInc ISPConfig Developer ISPConfig Developer

    I'm having SSH2 login attempts in my auth.log on ports like 46580 This port should be blocked by my firewall. How are people even getting a change to try and log in?

    I'm getting very frequent login attempts with things like admin admin and other common generic passwords. It's obvious somebody is trying to get in.

    How can I stop them? They are making around 10 attempts with a different IP every day.
     
  2. Hawker

    Hawker New Member

    If you don't need SSH on the server simply stop SSH and don't load it on reboot.

    service sshd stop
    chkconfig sshd off
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. FeraTechInc

    FeraTechInc ISPConfig Developer ISPConfig Developer

    Will this howto also work with Ubuntu?

    I know they are both debian based but some things on Deb don't always work with Ubuntu.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, I think so.
     
  6. FeraTechInc

    FeraTechInc ISPConfig Developer ISPConfig Developer

    Thanks I just installed it. Surprisingly it was already in the repositories.

    I will be testing it and checking how well it works on my server.
     
  7. fordwrench

    fordwrench Member HowtoForge Supporter

  8. fordwrench

    fordwrench Member HowtoForge Supporter

    I see the fail2ban howto mentions the denyhosts...

    I found the denyhosts howto first so that is what I used...



    Fordwrench
     
  9. FeraTechInc

    FeraTechInc ISPConfig Developer ISPConfig Developer

    Wow, it took a little bit but I got it to work.

    For Ubuntu all you have to do is install it with the default settings.

    The suggested script in the howto causes the program to have errors.

    Step 1:
    apt-get install fail2ban
    Step 2:
    Open up System Log Viewer
    Step 3:
    Find /var/log/fail2ban.log

    And watch the scipt kiddies get banned.

    Also, I changed the ban time to 5 days. My script kiddies I guess are more persistant than most.

    Thanks Till I feel like my server is much more secure.
     

Share This Page