
Wow, you're right. I just set up my own VPS yesterday. Decided to check the auth logs and the first invalid user attempt occurred less than 3 hours from my first login.

The "POSSIBLE BREAK-IN ATTEMPT!" message worried me for a bit but a little googling and the fact I've disabled password login calmed me down.

Presumably, changing my sshd port will drastically reduce these attempts, right? Or do attackers routinely port scan servers?



I changed my port from 22 to a higher one and the user attempts are completely gone.

Only nuisance is that the higher ports may be blocked, for example my uni blocks my new ssh port so I can't connect to the VPS when I'm on campus.


If you don't host any https websites on the VPS, using 443 will almost always get past port blocking.



Another choice is port 8080.


Yes, most of the time I use a different port than 22 and the noise all but disappears.

Mind you it isn't that this is a defense, but it gets the drive-by scanning stuff out of the log.

By all means disable password login, and all direct root login.
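
The auth-log check discussed in this thread, as an added example that is not part of any comment above: it tallies invalid-user attempts per source address, collects the addresses behind "POSSIBLE BREAK-IN ATTEMPT!" reverse-mapping warnings, and counts "Failed password" lines, which sshd only writes while password login is still enabled. The log lines are constructed samples in OpenSSH's syslog style, and the function and key names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges, made-up users).
SAMPLE_LOG = """\
Mar  3 02:11:07 vps sshd[1201]: Invalid user admin from 203.0.113.7 port 51234
Mar  3 02:11:09 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 02:12:40 vps sshd[1210]: reverse mapping checking getaddrinfo for host.example.net [198.51.100.23] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  3 02:12:41 vps sshd[1210]: Invalid user oracle from 198.51.100.23 port 40022
Mar  3 02:13:02 vps sshd[1215]: Invalid user test from 203.0.113.7 port 51301
Mar  3 08:30:15 vps sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 60112 ssh2
"""

INVALID = re.compile(r"sshd\[\d+\]: Invalid user (\S*) from (\S+)")
REVMAP = re.compile(r"sshd\[\d+\]: .*\[([0-9A-Fa-f.:]+)\].*POSSIBLE BREAK-IN ATTEMPT!")
FAILED_PW = re.compile(r"sshd\[\d+\]: Failed password for ")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")

def summarize(log_text):
    """Tally sshd events found in auth-log text."""
    out = {"invalid_by_ip": Counter(), "usernames": Counter(),
           "revmap_ips": set(), "password_attempts": 0, "accepted": []}
    for line in log_text.splitlines():
        if m := INVALID.search(line):
            out["usernames"][m.group(1)] += 1      # name the scanner guessed
            out["invalid_by_ip"][m.group(2)] += 1  # where it came from
        elif m := REVMAP.search(line):
            # Failed reverse-DNS check on the client address, not a login.
            out["revmap_ips"].add(m.group(1))
        elif FAILED_PW.search(line):
            # sshd evaluated a password, so password login was still on.
            out["password_attempts"] += 1
        elif m := ACCEPTED.search(line):
            out["accepted"].append(m.groups())     # (method, user, source)
    return out

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for ip, n in s["invalid_by_ip"].most_common():
        print(f"{ip}: {n} invalid-user attempts")
    print("reverse-mapping warnings from:", sorted(s["revmap_ips"]))
    print("password attempts evaluated:", s["password_attempts"])
    print("successful logins:", s["accepted"])
```

Run against the real log before and after a port change to see how much of the drive-by noise goes away; a non-zero password-attempt count after disabling password login means the setting did not take effect.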



