Every time I access my VPS using PuTTY, I see this:
Last failed login: Fri Oct 6 17:25:58 UTC 2017 from xx.xxx.xxx.xxx on ssh:notty
There were 2381935 failed login attempts since the last successful login.
Last login: Tue Sep 26 09:30:02 2017 from xx.xxx.xxx.xxx
I don’t know if it is related, but when I log in, it takes more time to load; on other servers that don’t get as many failed logins as this one, the load time is a lot smaller.
Can you tell me if this many login attempts affect the performance of the server? And is there any way I can protect against this? I mean, my passwords for the servers are kinda impossible to break, but is there a way to avoid these failed login attempts?
System specs:
- Icon name: computer-vm
- Chassis: vm
- Virtualization: kvm
- Operating System: CentOS Linux 7 (Core)
- CPE OS Name: cpe:/o:centos:centos:7
- Kernel: Linux 3.10.0-514.26.2.el7.x86_64
- Architecture: x86-64
You can either limit ssh access by IP address or change the port from 22 to something random. – SpiderPig – 2017-10-06T18:06:20.837
Are the attempts from the same URL? If so, block it. – DrMoishe Pippik – 2017-10-06T18:06:38.627
Btw, you may also want to check what causes the slow load times, e.g. with htop. There is a possibility that there is already some malware on the server. – SpiderPig – 2017-10-06T18:10:52.907
The most secure way to do this would be to block everything and only allow the IP address(es) you trust to connect to it. I thought there was a Fail2Ban software with Linux so look into that as well to block IP addresses from failed attempts as you get brute-forced. There are probably tons of kindergartners out there in some countries running scans as part of their elementary education in school. – Pimp Juice IT – 2017-10-06T20:29:30.237
You could use fail2ban to block IPs that exceed x number of failed login attempts. – Klinghust – 2017-10-06T22:46:03.400
@Klinghust Fail2Ban is fine. But a more effective solution that requires utterly no new software installation is to simply disable the root account by creating a new user with admin rights, disabling root and letting that unique Sudo user be the new pseudo-root on the system. – JakeGould – 2017-10-07T05:43:25.630
Very helpful comments, thank you guys so much, I will try to use it in my favor. – Mirage – 2017-10-07T20:09:15.717
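The "block IPs that exceed x failed attempts" rule suggested in the comments, as an added example that is not part of the original thread: it counts failed SSH logins per source address inside a sliding time window. The log lines are constructed in the format sshd writes to /var/log/secure on CentOS 7, the parameter names `maxretry` and `findtime` are borrowed from Fail2Ban's settings, and the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges, hypothetical host and user names).
SAMPLE_LOG = """\
Oct  6 17:25:01 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct  6 17:25:09 vps sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Oct  6 17:25:20 vps sshd[2107]: Failed password for root from 198.51.100.23 port 51514 ssh2
Oct  6 17:25:31 vps sshd[2110]: Failed password for root from 203.0.113.7 port 40131 ssh2
Oct  6 17:25:58 vps sshd[2114]: Failed password for invalid user test from 203.0.113.7 port 40140 ssh2
Oct  6 17:40:02 vps sshd[2190]: Accepted password for deploy from 192.0.2.10 port 50222 ssh2
Oct  6 18:10:44 vps sshd[2301]: Failed password for root from 198.51.100.23 port 51600 ssh2
Oct  6 18:45:12 vps sshd[2410]: Failed password for root from 198.51.100.23 port 51777 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2017):
    """Return {ip: usernames tried} for IPs with >= maxretry failures within findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> every account name that address tried
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        stamp, user, ip = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # drop failures that have aged out of the window
        users[ip].add(user)
        if len(window) >= maxretry:
            flagged[ip] = users[ip]
    return flagged

if __name__ == "__main__":
    for ip, names in sorted(offenders(SAMPLE_LOG).items()):
        print(f"{ip}: tried {sorted(names)}")
```

A slow scanner such as 198.51.100.23 in the sample stays under a short window, which is why the window length matters as much as the retry count.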