Date: Wed, 7 Mar 2018 09:20:02 -0500 From: William Dudley <wfdudley@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: Increased abuse activity on my server Message-ID: <CAFsnNZ%2Bx_2YUuNrVDjt4MXMB40W3qHeyYsNgZSWT=3a4cRTKOA@mail.gmail.com> In-Reply-To: <20180307103136.25881537.ole@free.de> References: <20180307071944.GA30971@ymer.bara1.se> <20180307103136.25881537.ole@free.de>
next in thread | previous in thread | raw e-mail | index | archive | help
This may sound stupid and obvious, but I moved my ssh port to a high "random" port number, and that completely stopped the random attempts to ssh in. I know that "security by obscurity" "doesn't work", but it did! I picked a port like 5792 -- not related to anything else. (i.e. don't pick 2222 or 2022 etc.) I've had this in place for months and months (perhaps a year) and the attackers haven't found the port yet. I think this works because unless you, specifically, are at *target* of somebody *serious*, (think "kbg"), most of these attackers are opportunists who won't spend the time to do a full port scan of your server. They just try the standard ports: 21, 22, 23, 25, etc. ALSO, you should disable password auth for ssh and use only public/private key. Then you know the attackers are REALLY wasting their time. Bill Dudley This email is free of malware because I run Linux. On Wed, Mar 7, 2018 at 4:31 AM, Ole <ole@free.de> wrote: > Wed, 7 Mar 2018 08:19:44 +0100 - User Hasse <hasse@bara1.se>: > > > Anybody else noticed ? > > Welcome to the internet :-) > > If you have strong passwords or better only public key authentication > allowed, just don't care. If you want to increase security you could > use a VPN + Firewall to only allow connections from your VPN. If you > just don't want them to spam your logs you could just move sshd from > port 22 to port 24. > > regards Ole >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFsnNZ%2Bx_2YUuNrVDjt4MXMB40W3qHeyYsNgZSWT=3a4cRTKOA>