I Think Someone Is Trying To Hack My VPS
- Thread starter Neo
- Start date
SSH logins? Those are pretty common and are largely automated. I would definitely setup ssh keys and disable root logins. There is also software like fail2ban that will modify firewall rules to block offending ip's.
If nothing else, make sure you have a very strong password and disable login attempts after a certain number of failures. Let me know if you need help with this
If nothing else, make sure you have a very strong password and disable login attempts after a certain number of failures. Let me know if you need help with this
This is what it says in email...I don't really have much experience with VPS so every advice is valuable to me
Can they login in to my server even if i blocked every country except mine? Thank you for your answer @Jaded Affiliate
Can they login in to my server even if i blocked every country except mine? Thank you for your answer @Jaded Affiliate
SSH is a service that allows you to login remotely to your server and perform admin tasks. If somebody gets in your server with the root account via SSH they have full access to the machine. If you don't use ssh I recommend you disable the service completely. Most VPS providers will give you console access via a web browser.
Are you familiar with running commands and logging into the system?
Are you familiar with running commands and logging into the system?
You're IP range could be on a massive block with thousands of other addresses. It's also possible your whitelist isn't configured properly.
Regardless, disabling services you don't use is a good security practice. You might see what else is running while you are logged in.
Regardless, disabling services you don't use is a good security practice. You might see what else is running while you are logged in.
With a whitelist, only the ip's you specify can connect to the server. Any other connection is refused. From those logs you posted above I imagine that your whitelist isn't working properly otherwise that hacker machine wouldn't be able to connect.
Having a strong password and blocking ip's after too many failed attempts is a decent strategy. Just make sure you don't lock yourself out haha.
I prefer to use keys when connecting through ssh but you don't have to, especially if your server isn't doing anything important. Also disabling root logins is a good strategy too.
In this case you would login as a normal user and than switch to root once you're in, or sudo
Having a strong password and blocking ip's after too many failed attempts is a decent strategy. Just make sure you don't lock yourself out haha.
I prefer to use keys when connecting through ssh but you don't have to, especially if your server isn't doing anything important. Also disabling root logins is a good strategy too.
In this case you would login as a normal user and than switch to root once you're in, or sudo
Someone will always be trying to hack your VPS.
All you can do is make sure your password to secure, that your security is a strong as possible over the best.
All you can do is make sure your password to secure, that your security is a strong as possible over the best.
This is my first step when I create a new Cloud Server Instance:
1. Change the default SSH port to something different. By default SSH runs on TCP port 22. Changing it to something like 22XX will prevent those automated bots finding your server.
2. Disable root password login.
3. Create ssh keys for root, and only allow access with root via keys.
With those simple steps, I'd say there's 95% possibility you will not be bothered again with that situation...
1. Change the default SSH port to something different. By default SSH runs on TCP port 22. Changing it to something like 22XX will prevent those automated bots finding your server.
2. Disable root password login.
3. Create ssh keys for root, and only allow access with root via keys.
With those simple steps, I'd say there's 95% possibility you will not be bothered again with that situation...
