The Most Active and Friendliest
Affiliate Marketing Community Online!

“AdsEmpire”/  Direct Affiliate

I Think Someone Is Trying To Hack My VPS

Neo

Member
affiliate
I recive large number of emails every day about failed logins from my VPS...is there anything i can do to stop this? I dont know how did they find me because i have only 1 website on that server and its 2weeks old...

fan3xq9.png
 
SSH logins? Those are pretty common and are largely automated. I would definitely setup ssh keys and disable root logins. There is also software like fail2ban that will modify firewall rules to block offending ip's.

If nothing else, make sure you have a very strong password and disable login attempts after a certain number of failures. Let me know if you need help with this
 
This is what it says in email...I don't really have much experience with VPS so every advice is valuable to me:) Can they login in to my server even if i blocked every country except mine? Thank you for your answer @Jaded Affiliate

Ducqhbw.png
 
SSH is a service that allows you to login remotely to your server and perform admin tasks. If somebody gets in your server with the root account via SSH they have full access to the machine. If you don't use ssh I recommend you disable the service completely. Most VPS providers will give you console access via a web browser.

Are you familiar with running commands and logging into the system?
 
I know only basic stuff and i use WHM to login. Ok great i will try to disable SSH service. I did whitelist only my IP range is that helping? Again thanks for answers mate...
 
You're IP range could be on a massive block with thousands of other addresses. It's also possible your whitelist isn't configured properly.

Regardless, disabling services you don't use is a good security practice. You might see what else is running while you are logged in.
 
I didn't have any issues with logging in so far so i think i did set up that part correctly. Basically if he has a password but his IP is not on the whitelist,can he still login? I will disable SSH since i dont use it.
 
With a whitelist, only the ip's you specify can connect to the server. Any other connection is refused. From those logs you posted above I imagine that your whitelist isn't working properly otherwise that hacker machine wouldn't be able to connect.

Having a strong password and blocking ip's after too many failed attempts is a decent strategy. Just make sure you don't lock yourself out haha.

I prefer to use keys when connecting through ssh but you don't have to, especially if your server isn't doing anything important. Also disabling root logins is a good strategy too.

In this case you would login as a normal user and than switch to root once you're in, or sudo
 
Someone will always be trying to hack your VPS.

All you can do is make sure your password to secure, that your security is a strong as possible over the best.
 
This is my first step when I create a new Cloud Server Instance:

1. Change the default SSH port to something different. By default SSH runs on TCP port 22. Changing it to something like 22XX will prevent those automated bots finding your server.
2. Disable root password login.
3. Create ssh keys for root, and only allow access with root via keys.

With those simple steps, I'd say there's 95% possibility you will not be bothered again with that situation...
 
This is my first step when I create a new Cloud Server Instance:

1. Change the default SSH port to something different. By default SSH runs on TCP port 22. Changing it to something like 22XX will prevent those automated bots finding your server.
2. Disable root password login.
3. Create ssh keys for root, and only allow access with root via keys.

With those simple steps, I'd say there's 95% possibility you will not be bothered again with that situation...

Just don't lose your laptop with the keys on them :D
 
banners
Back