monetizer expertmobi
Dismiss Notice
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

I Think Someone Is Trying To Hack My VPS

Discussion in 'General Affiliate Marketing Forum' started by Neo, Sep 29, 2015.

  1. Neo

    Neo Affiliate affiliate

    70
    41
    18
    I recive large number of emails every day about failed logins from my VPS...is there anything i can do to stop this? I dont know how did they find me because i have only 1 website on that server and its 2weeks old...

    [​IMG]
     
  2. monetizer
  3. Jaded Affiliate

    Jaded Affiliate Affiliate affiliate

    102
    61
    28
    SSH logins? Those are pretty common and are largely automated. I would definitely setup ssh keys and disable root logins. There is also software like fail2ban that will modify firewall rules to block offending ip's.

    If nothing else, make sure you have a very strong password and disable login attempts after a certain number of failures. Let me know if you need help with this
     
    seeqer and Neo like this.
  4. Neo

    Neo Affiliate affiliate

    70
    41
    18
    This is what it says in email...I don't really have much experience with VPS so every advice is valuable to me:) Can they login in to my server even if i blocked every country except mine? Thank you for your answer @Jaded Affiliate

    [​IMG]
     
  5. Jaded Affiliate

    Jaded Affiliate Affiliate affiliate

    102
    61
    28
    SSH is a service that allows you to login remotely to your server and perform admin tasks. If somebody gets in your server with the root account via SSH they have full access to the machine. If you don't use ssh I recommend you disable the service completely. Most VPS providers will give you console access via a web browser.

    Are you familiar with running commands and logging into the system?
     
    seeqer and Neo like this.
  6. Neo

    Neo Affiliate affiliate

    70
    41
    18
    I know only basic stuff and i use WHM to login. Ok great i will try to disable SSH service. I did whitelist only my IP range is that helping? Again thanks for answers mate...
     
  7. Jaded Affiliate

    Jaded Affiliate Affiliate affiliate

    102
    61
    28
    You're IP range could be on a massive block with thousands of other addresses. It's also possible your whitelist isn't configured properly.

    Regardless, disabling services you don't use is a good security practice. You might see what else is running while you are logged in.
     
  8. Neo

    Neo Affiliate affiliate

    70
    41
    18
    I didn't have any issues with logging in so far so i think i did set up that part correctly. Basically if he has a password but his IP is not on the whitelist,can he still login? I will disable SSH since i dont use it.
     
  9. Neo

    Neo Affiliate affiliate

    70
    41
    18
    btw my password is strong and i did set up Brute Force to block ip after 2 failures.
     
  10. Jaded Affiliate

    Jaded Affiliate Affiliate affiliate

    102
    61
    28
    With a whitelist, only the ip's you specify can connect to the server. Any other connection is refused. From those logs you posted above I imagine that your whitelist isn't working properly otherwise that hacker machine wouldn't be able to connect.

    Having a strong password and blocking ip's after too many failed attempts is a decent strategy. Just make sure you don't lock yourself out haha.

    I prefer to use keys when connecting through ssh but you don't have to, especially if your server isn't doing anything important. Also disabling root logins is a good strategy too.

    In this case you would login as a normal user and than switch to root once you're in, or sudo
     
  11. kezzahayles

    kezzahayles Affiliate affiliate

    12
    4
    3
    Someone will always be trying to hack your VPS.

    All you can do is make sure your password to secure, that your security is a strong as possible over the best.
     
  12. artie7

    artie7 Affiliate affiliate

    38
    46
    18
    This is my first step when I create a new Cloud Server Instance:

    1. Change the default SSH port to something different. By default SSH runs on TCP port 22. Changing it to something like 22XX will prevent those automated bots finding your server.
    2. Disable root password login.
    3. Create ssh keys for root, and only allow access with root via keys.

    With those simple steps, I'd say there's 95% possibility you will not be bothered again with that situation...
     
    Neo and seeqer like this.
  13. Jaded Affiliate

    Jaded Affiliate Affiliate affiliate

    102
    61
    28
    Just don't lose your laptop with the keys on them :D
     

Featured Resources (View All)

MI