Someone is trying to hack my Ubuntu server; how do I protect myself?


0 like 0 dislike
18 views
Similar log issues
Nov 14 16:23:07 RustServer sshd[11049]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.65.42.179 user=root
Nov 14 16:23:08 RustServer sshd[11051]: Failed password for root from 122.226.181.165 port 58750 ssh2
Nov 14 16:23:08 RustServer sshd[11051]: Received disconnect from 122.226.181.165 port 58750:11: [preauth]
Nov 14 16:23:08 RustServer sshd[11051]: Disconnected from the authenticating user root 122.226.181.165 port 58750 [preauth]
Nov 14 16:23:12 RustServer sshd[11053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:23:15 RustServer sshd[11053]: Failed password for root from 116.31.116.16 port 48970 ssh2
Nov 14 16:23:17 RustServer sshd[11053]: Failed password for root from 116.31.116.16 port 48970 ssh2
Nov 14 16:23:20 RustServer sshd[11053]: Failed password for root from 116.31.116.16 port 48970 ssh2
Nov 14 16:23:20 RustServer sshd[11053]: Received disconnect from 116.31.116.16 port 48970:11: [preauth]
Nov 14 16:23:20 RustServer sshd[11053]: Disconnected from the authenticating user root 116.31.116.16 port 48970 [preauth]
Nov 14 16:23:20 RustServer sshd[11053]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:24:11 RustServer sshd[11061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:24:13 RustServer sshd[11061]: Failed password for root from 116.31.116.16 port 58214 ssh2
Nov 14 16:24:16 RustServer sshd[11061]: Failed password for root from 116.31.116.16 port 58214 ssh2
Nov 14 16:24:18 RustServer sshd[11061]: Failed password for root from 116.31.116.16 port 58214 ssh2
Nov 14 16:24:18 RustServer sshd[11061]: Received disconnect from 116.31.116.16 port 58214:11: [preauth]
Nov 14 16:24:18 RustServer sshd[11061]: Disconnected from the authenticating user root 116.31.116.16 port 58214 [preauth]
Nov 14 16:24:18 RustServer sshd[11061]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:24:48 RustServer sshd[11068]: Connection reset by 118.123.15.142 port 58158 [preauth]
Nov 14 16:25:07 RustServer sshd[11072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:25:09 RustServer sshd[11072]: Failed password for root from 116.31.116.16 port 63844 ssh2
Nov 14 16:25:11 RustServer sshd[11072]: Failed password for root from 116.31.116.16 port 63844 ssh2
Nov 14 16:25:14 RustServer sshd[11072]: Failed password for root from 116.31.116.16 port 63844 ssh2
Nov 14 16:25:14 RustServer sshd[11072]: Received disconnect from 116.31.116.16 port 63844:11: [preauth]
Nov 14 16:25:14 RustServer sshd[11072]: Disconnected from the authenticating user root 116.31.116.16 port 63844 [preauth]
Nov 14 16:25:14 RustServer sshd[11072]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:26:02 RustServer sshd[11078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:26:04 RustServer sshd[11078]: Failed password for root from 116.31.116.16 port 16276 ssh2
Nov 14 16:26:06 RustServer sshd[11078]: Failed password for root from 116.31.116.16 port 16276 ssh2
Nov 14 16:26:09 RustServer sshd[11078]: Failed password for root from 116.31.116.16 port 16276 ssh2
Nov 14 16:26:09 RustServer sshd[11078]: Received disconnect from 116.31.116.16 port 16276:11: [preauth]
Nov 14 16:26:09 RustServer sshd[11078]: Disconnected from the authenticating user root 116.31.116.16 port 16276 [preauth]
Nov 14 16:26:09 RustServer sshd[11078]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:27:20 RustServer sshd[11087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:27:22 RustServer sshd[11087]: Failed password for root from 116.31.116.16 port 45100 ssh2
Nov 14 16:27:24 RustServer sshd[11087]: Failed password for root from 116.31.116.16 port 45100 ssh2
Nov 14 16:27:27 RustServer sshd[11087]: Failed password for root from 116.31.116.16 port 45100 ssh2
Nov 14 16:27:27 RustServer sshd[11087]: Received disconnect from 116.31.116.16 port 45100:11: [preauth]
Nov 14 16:27:27 RustServer sshd[11087]: Disconnected from the authenticating user root 116.31.116.16 port 45100 [preauth]
Nov 14 16:27:27 RustServer sshd[11087]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:28:18 RustServer sshd[11093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:28:20 RustServer sshd[11093]: Failed password for root from 116.31.116.16 port 50902 ssh2
Nov 14 16:28:23 RustServer sshd[11093]: Failed password for root from 116.31.116.16 port 50902 ssh2
Nov 14 16:28:26 RustServer sshd[11093]: Failed password for root from 116.31.116.16 port 50902 ssh2
Nov 14 16:28:26 RustServer sshd[11093]: Received disconnect from 116.31.116.16 port 50902:11: [preauth]
Nov 14 16:28:26 RustServer sshd[11093]: Disconnected from the authenticating user root 116.31.116.16 port 50902 [preauth]
Nov 14 16:28:26 RustServer sshd[11093]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:29:15 RustServer sshd[11100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:29:17 RustServer sshd[11100]: Failed password for root from 116.31.116.16 port 57274 ssh2
Nov 14 16:29:20 RustServer sshd[11100]: Failed password for root from 116.31.116.16 port 57274 ssh2
Nov 14 16:29:22 RustServer sshd[11100]: Failed password for root from 116.31.116.16 port 57274 ssh2
Nov 14 16:29:23 RustServer sshd[11100]: Received disconnect from 116.31.116.16 port 57274:11: [preauth]
Nov 14 16:29:23 RustServer sshd[11100]: Disconnected from the authenticating user root 116.31.116.16 port 57274 [preauth]
Nov 14 16:29:23 RustServer sshd[11100]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:30:11 RustServer sshd[11112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.16 user=root
Nov 14 16:30:13 RustServer sshd[11112]: Failed password for root from 116.31.116.16 port 63242 ssh2
Nov 14 16:30:16 RustServer sshd[11112]: Failed password for root from 116.31.116.16 port 63242 ssh2
Nov 14 16:30:19 RustServer sshd[11112]: Failed password for root from 116.31.116.16 port 63242 ssh2


and so on

How can I defend myself? This has happened more than once.
What is ssh2, and why does it work on different ports?
by | 18 views

7 Answers

0 like 0 dislike
1) Move the server's ssh port from the standard one to another; this will block a large part of the bots/scanners
2) Deny login for the root user via ssh
3) Install Fail2Ban to block the IPs the brute-force attempts come from

PS The different ports are most likely the ports of the outgoing connections, which is why they differ for you; they are all knocking on the port specified in the sshd config
by
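The threshold logic behind the Fail2Ban suggestion in the answer above, and its point about client-side ports, as an added example that is not part of the original thread. The log lines are constructed in the same sshd format as the question's log, using documentation-range addresses; the parameter names follow Fail2Ban's `maxretry` and `findtime` options, and the year is an assumption because syslog lines carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the sshd format shown in the question
# (documentation-range addresses, not taken from the page).
SAMPLE = """\
Nov 14 16:23:15 host sshd[100]: Failed password for root from 203.0.113.7 port 48970 ssh2
Nov 14 16:23:17 host sshd[100]: Failed password for root from 203.0.113.7 port 48970 ssh2
Nov 14 16:23:20 host sshd[100]: Failed password for root from 203.0.113.7 port 48970 ssh2
Nov 14 16:23:20 host sshd[100]: Disconnected from authenticating user root 203.0.113.7 port 48970 [preauth]
Nov 14 16:24:13 host sshd[101]: Failed password for root from 203.0.113.7 port 58214 ssh2
Nov 14 16:24:16 host sshd[101]: Failed password for root from 203.0.113.7 port 58214 ssh2
Nov 14 16:24:18 host sshd[101]: Failed password for root from 203.0.113.7 port 58214 ssh2
Nov 14 16:25:01 host sshd[102]: Failed password for invalid user admin from 198.51.100.9 port 40022 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port (\d+) ssh2")

def parse_failures(text, year=2019):
    """Yield (time, user, source_ip, source_port); the year is assumed."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), int(m.group(4))

def ban_decisions(text, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached maxretry within findtime}."""
    recent, banned = defaultdict(deque), {}
    for ts, _user, ip, _port in parse_failures(text):
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry and ip not in banned:
            banned[ip] = ts
    return banned

def source_ports(text):
    """Map each source IP to the client-side ports it connected from."""
    ports = defaultdict(set)
    for _ts, _user, ip, port in parse_failures(text):
        ports[ip].add(port)
    return dict(ports)
```

Each new connection from the same address shows a different `port` value because that number is the client's ephemeral source port; the trailing `ssh2` is the SSH protocol version.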
0 like 0 dislike
The fail2ban utility will help. It is even better if you set up authorization with ssh keys.
The network is full of bots that try to connect as root, most often on port 22, and pick the password from a dictionary
by
0 like 0 dislike
Configure your firewall. On Ubuntu the default is iptables, sort of.
by
0 like 0 dislike
Hire an admin.
by
0 like 0 dislike
In addition to Andrew's answer: set up "port knocking", for example using this software:
www.zeroflux.org/projects/knock
by
0 like 0 dislike
By the way, if the server is a VPS and iptables is not available, you can always use ip route blackhole. It is not difficult to set up in fail2ban.
by
0 like 0 dislike
Hmm. Lol, if they are smart, will they give up on the server if it is configured for authentication by certificate?
by

asked Apr 9, 2019 by dfhusfhgsuo3