Is right now happening a SSH attack?

Do you face the same problem?

4 Replies

Not sure what you are experiencing.

I’d suggest implementing a firewall and Fail2ban if you haven’t already.

It’s the first thing I do on a new server to lock it down. I’ve seen dictionary attacks against SSH start within 30 seconds of a new server coming online.

https://www.linode.com/docs/security/firewalls/

https://www.linode.com/docs/security/using-fail2ban-to-secure-your-server-a-tutorial/

@andysh --

You write:

I’d suggest implementing a firewall and Fail2ban if you haven’t already.

Blacklists help a great deal as well…there are lots of these bad actors out there who are well known (mostly from Russia, China, Taiwan & the Koreas).

You also write:

I’ve seen dictionary attacks against SSH start within 30 seconds of a new server coming online.

Ditto for me.

-- sw

Dont use port 22.

@Tntdruid writes:

Dont use port 22.

Really? Do you think that dictionary attacks mounted by the Russian, Chinese or DPRK governments are going to be stopped by doing this? There are only 65535 available port numbers. It would take an iPhone maybe a minute to try them all…

Sorry… Not using port 22 just results in prefatory attacks to figure out the port you do use!

-- sw

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct