 |
 |
 |
|||||||
|
|||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
| Web Hosting Forum Discuss web hosting related stuff. |
 |
|
|
LinkBack | Thread Tools | Display Modes |
09-14-2007, 12:02 PM
|
#1 (permalink) |
|
Inactive
|
SSH Attacks question
In my new host I have a Cpanel, which is completely different than Plesk that I had. Every day my server gets hundreds of failed login attempts. My host says it is normal and I should not pay attention. But the last sentence in this WHM warning says to investigate the even for the integrity of my host? Please help with advise. Is this normal so many login attempts? My server does not definitely host some Yahoo like websites. Thanks very much:
"The remote system 62.24.139.125 was found to have exceeded acceptable login failures on host.domain.com; there was 53 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible." |
|
 
|
| Sponsored Links |
   |
|
09-14-2007, 02:55 PM
|
#3 (permalink) |
|
v7n Mentor
 
|
It is very normal. Servers in a hosting company are a sitting duck for hackers as many people dont perform normal security tasks. Whatever you do make sure that your passwords are really strong.
Is it a dedicated server you are using? If it is then you'll want to learn iptables and the best security policies to use. I put an unprotected box (to test) on our network and the amount of brute force attacks on a daily basis is unbelievable. |
|
|
|
|
09-14-2007, 11:51 PM
|
#4 (permalink) |
|
Moderator
 
|
It's def. normal.
Bind SSH to only 1 IP, SSH Protocol 2, and you could even move it to another port if your host allows. -Todd
__________________
Learn about Bear Grylls, Les Stroud, Man Vs. Wild & SurvivorMan at Survival TV Shows Order Exciting Inspirational Posters from Inspirational Posters at great value. |
|
|
|
|
09-18-2007, 01:05 PM
|
#5 (permalink) |
|
Contributing Member
 |
It is just normal.
What firewall are you using in the server? You can try BFD if you are using APF which will block all IP's which makes failed logins above a threshold level. Also, you can harden SSH, by making it listen on a different port and disabling the direct root login. |
|
|
|
|
|
«
Previous Thread
|
Next Thread
»
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Google Attacks | peter_d | Google Forum | 0 | 10-10-2007 08:58 PM |
| DDoS attacks, help! | Gideon | Dedicated Servers | 9 | 03-31-2006 05:01 AM |
| Website attacks | thing2b | Coding Forum | 1 | 08-18-2005 02:20 PM |
| Sponsor Links | ||||||
|
Site Navigation: v7n Home .::. Graphics .::. Scripts .::. Web Designers .::. SEO Consultants .::. Web Hosting
Partners:V7N Web Directory .::. V7N Technology Blog .::. Host Ratings@V7N .::. V7N Affiliate Program .::. Advertise
Partners:V7N Web Directory .::. V7N Technology Blog .::. Host Ratings@V7N .::. V7N Affiliate Program .::. Advertise
All times are GMT -7. The time now is 03:43 AM.
© Copyright 2008 V7 Inc
