
I have a fresh CentOS server with no problems. I have httpd and named, but I get 150 failed logins per 10 minutes. I also use Fail2Ban with maxretry 1 and findtime 6h, and mod_evasive and mod_security with default settings, just a bit tweaked. But when I disconnect to test and connect back after 10 minutes, I get 150 failed logins. Fail2Ban tells me about 30 - 50 IPs are banned. I made my Fail2Ban config so strong, and nothing works. I also found a question on Stack Overflow that said to do pip install pyinotify; I installed it and set my backend to pyinotify.

I can't even run my server for 1 - 3 days because it will get 10 - 15k failed logins.

Dave M

1 Answer

Most of these login attempts will be by automated bots. In addition to your fail2ban scripts you can reduce significantly the number of attempts by moving SSH to another port.

Check https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml to find an unassigned port. For example, 258 is currently unassigned.

In the file: /etc/ssh/sshd_config change the line:

port 22

to

port 258

Save the file, restart ssh, then in PuTTY, on the configuration page, change the port field to the same port number, 258.

Ideally, you should not log in as root, but use another user and then use the su command to access root.

Once you have created another user and can use su, change the /etc/ssh/sshd_config line:

PermitRootLogin yes

to

PermitRootLogin no

That should dramatically cut the number of failed logins.

Just as a final point - if you use a firewall, then you will have to set the firewall to allow the new port BEFORE making the change to sshd.

Falstone
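
A pre-flight check for the steps in the answer above, as an added example that is not part of the original answer: it reads the Port and PermitRootLogin values from an sshd_config file and compares the port with the list printed by `firewall-cmd --list-ports` before sshd is restarted. The function names `sshd_values` and `preflight` and the sample config are constructed for illustration; it assumes firewalld and a config without Include lines.

```shell
#!/bin/sh
# Added example. Assumes no Include lines; reads only global (pre-Match) settings.

# Print each global value of keyword $1 in sshd_config file $2.
# sshd keywords are case-insensitive; "Key value" and "Key=value" are both accepted.
sshd_values() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*|[ \t]+/, " ", line)   # first separator becomes one space
            n = index(line, " ")
            k = tolower(n ? substr(line, 1, n - 1) : line)
            v = n ? substr(line, n + 1) : ""
            sub(/[ \t]+$/, "", v)
            if (k == "match") exit                   # conditional blocks start here
            if (k == key) print v
        }' "$2"
}

# preflight CONFIG "PORTS": PORTS is the space-separated list printed by
# `firewall-cmd --list-ports`, e.g. "258/tcp". Returns 0 only if nothing is flagged.
preflight() {
    cfg=$1; allowed=$2; rc=0
    ports=$(sshd_values Port "$cfg")
    [ -n "$ports" ] || ports=22                      # no Port line: sshd uses 22
    for p in $ports; do
        if [ "$p" = 22 ]; then
            echo "WARN: sshd still listens on port 22"; rc=1; continue
        fi
        case " $allowed " in
            *" $p/tcp "*) ;;
            *) echo "FAIL: $p/tcp not open in the firewall; restarting sshd would lock you out"; rc=1 ;;
        esac
    done
    root=$(sshd_values PermitRootLogin "$cfg" | head -n 1)   # first value wins
    [ "$root" = no ] || { echo "WARN: PermitRootLogin is '${root:-unset}', not 'no'"; rc=1; }
    return "$rc"
}

# Constructed sample: the edited config from the answer, checked against two firewall states.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'port 258' 'PermitRootLogin no' > "$sample"
preflight "$sample" "80/tcp" || echo "not safe to restart sshd yet"
preflight "$sample" "80/tcp 258/tcp" && echo "safe to restart sshd"
rm -f "$sample"
```

On a live host the second argument would be `"$(firewall-cmd --list-ports)"`, and `sshd -t` checks the edited file for syntax errors before the restart.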