How Do I stop SSH attacks

SSH Brute Force the 10 Year Old Attack That Still Persists

One of the first things you'll notice if you have ssh running and exposed to the outside world is that you'll probably log attempts by hackers to guess your username/password. Typically a hacker will scan for port 22 (the default port on which ssh listens) to find machines with ssh running, and then attempt a brute-force attack against it. With strong passwords in place, hopefully any attack will be logged and noticed before it can succeed.

Hopefully you already use strong passwords, but if you are not then try to choose passwords that contains:

  • Minimum of 8 we prefer 16 characters
  • Mix of upper and lower case letters
  • Mix of letters and numbers
  • Non alphanumeric characters (e.g. special characters such as ! "

Most Attacks are done by robots looking for a week password

Last 7 days of scans Analysis

By just going back 7 days and looking at our logs on a open server that we collect attacking ip’s, we can see 15,000 attacks against it. The top username is still root (with more than 50% of the scans):

#attempts #username

     9012 root (58%)

     179 test (1%)

     116 oracles (< 1%)

     87 admin

     82 info

     70 user

     69  postgres

     68  mysql

     68  backup

     55  guest

     49  web

     49  tomcat

     46  michael

     45  r00t

     43  upload

     42  alex

     41  sales

     40  linux

     39  bin

     38  ftp

     35  support

     34  temp

     33  nagios

     31  user1

     30  www

     30  test1

     30  nobody

By default, ssh listens for incoming connections on port 22. For a hacker to determine ssh is running on your machine, he'll most likely scan port 22 to determine this. An effective method is to run ssh on a non-standard port. Any unused port will do, although one above 1024 is preferable. It's better to pick some random high port that's not used for any known services. To make the change, add a line like this to your /etc/ssh/sshd_config file: (if you do not know how to do this we can set it up for you)

  • 3 Utenti hanno trovato utile questa risposta
Hai trovato utile questa risposta?

Articoli Correlati

New DNS

I Had you set up my nameservers in my new webserver. When I went to my...

I keep getting brute force attack warnings in my email

We have installed a brute force detector & firewall on your server this is a FREE added layer...

Reverse DNS (rDNS) (PTR)

How to Setup Reverse DNS Reverse DNS (rDNS) for your IP address can only be setup by...

TOS/AUP

For our Terns of service  and acceptable use  please see...

Reboots & Hardware Failure

1. Log a Priority ticket & include main Ip Address and check "reboot my server" 2. You may...