Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Large Number of Failed Login Attempts
#1
Hello everyone i receive this mail all the time , someone tries to login in my server from different IPs , is there anyway to prevent this ? Should i use firewall or something ? Unsure

"Large Number of Failed Login Attempts "
Reply
#2
(10-07-2010, 08:14 PM)virus_in_town Wrote: Hello everyone i receive this mail all the time , someone tries to login in my server from different IPs , is there anyway to prevent this ? Should i use firewall or something ? Unsure

"Large Number of Failed Login Attempts "

We can't help you with such a small amount of information. Where is that email being generated? SSH login attempts? What's your hosting situation (shared, VPS, dedicated)?
Ho, ho, ho! Well, if it isn't fat stinking billy goat Billy Boy in poison!
How art thou, thou globby bottle of cheap, stinking chip oil?
Come and get one in the yarbles, if ya have any yarbles, you eunuch jelly thou!
Reply
#3
(10-08-2010, 12:16 PM)Disease Wrote: We can't help you with such a small amount of information. Where is that email being generated? SSH login attempts? What's your hosting situation (shared, VPS, dedicated)?

I have Dedicated server , and its automatically generated mail comes to my mentioned email address while i registered the server. Root login failed attempt
Reply
#4
(10-08-2010, 06:25 PM)virus_in_town Wrote: I have Dedicated server , and its automatically generated mail comes to my mentioned email address while i registered the server. Root login failed attempt

There are some simple steps you can take to secure SSH beyond the default settings. Disabling root login entirely is the best thing I can recommend. I also recommend changing the default port away from 22 to some arbitrary number. Lastly, lower the amount of time the login will be available before timing out and limit the amount of unsuccessful attempts allowed. All of this is easily done in the sshd config file, typically located at:

/etc/ssh/sshd_config

Specifically, the directives you're looking for:

Port 22 - Change the 22 to something different; make sure whatever port you choose it isn't already in use.
PermitRootLogin yes - Change to no.
LoginGraceTime 600 - The amount of time to login in seconds; go as low as 10-30 if you're comfortable with it.
MaxAuthTries 6 - Number of unsuccessful attempts allowed; go as low as you feel comfortable (if you use a password manager or otherwise copy/paste your password from a reliable source, drop this to 1).
Ho, ho, ho! Well, if it isn't fat stinking billy goat Billy Boy in poison!
How art thou, thou globby bottle of cheap, stinking chip oil?
Come and get one in the yarbles, if ya have any yarbles, you eunuch jelly thou!
Reply
#5
Its handy to have these, just try and trace the IP or report them to the authorities.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)