
Lately my server has gone down many times, and I have to reboot it to get it running again.

I use CentOS for my web server and noticed an email sent from my server log saying that a brute-force attack was detected in the service log from IP(s) 195.110.154.68


This is getting really annoying, and I feel that my server is not in a good position.

I really don't have much control over my server at the moment because the person who set up the server is not able to give me the root password, as he is out of the country.

What can I do to prevent this?

Or is the only option to wait for the root password and install some protection script?

EDIT: Seriously, at the moment I posted, my server went down again!

Ali

2 Answers

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.

As far as root goes, make sure to disable remote root logins with "PermitRootLogin no" in your sshd_config.

alexus

You have a limited number of choices without root access. You will have to rely on blocking IPs on your external firewall or setting up an IPS sensor in front of it to filter the traffic prior to reaching the server, such as Snort mentioned above. However, once you do get root access, I would highly recommend using fail2ban on your server. It will do a good job of locking out IPs that try to attack your website.

Eric