Increased abuse activity on my server
William Dudley
wfdudley at gmail.com
Wed Mar 7 14:20:04 UTC 2018
This may sound stupid and obvious, but I moved my ssh port to a high
"random" port
number, and that completely stopped the random attempts to ssh in. I know
that
"security by obscurity" "doesn't work", but it did!
I picked a port like 5792 -- not related to anything else. (i.e. don't
pick 2222 or 2022 etc.)
I've had this in place for months and months (perhaps a year) and the
attackers
haven't found the port yet.
I think this works because unless you, specifically, are at *target* of
somebody *serious*,
(think "kbg"), most of these attackers are opportunists who won't spend the
time
to do a full port scan of your server. They just try the standard ports:
21, 22, 23, 25, etc.
ALSO, you should disable password auth for ssh and use only public/private
key.
Then you know the attackers are REALLY wasting their time.
Bill Dudley
This email is free of malware because I run Linux.
On Wed, Mar 7, 2018 at 4:31 AM, Ole <ole at free.de> wrote:
> Wed, 7 Mar 2018 08:19:44 +0100 - User Hasse <hasse at bara1.se>:
>
> > Anybody else noticed ?
>
> Welcome to the internet :-)
>
> If you have strong passwords or better only public key authentication
> allowed, just don't care. If you want to increase security you could
> use a VPN + Firewall to only allow connections from your VPN. If you
> just don't want them to spam your logs you could just move sshd from
> port 22 to port 24.
>
> regards Ole
>
More information about the freebsd-questions
mailing list