If you own a VPS that is exposed to the internet then it is probably being scanned by botnets to determine if SSH is exposed and could be bruteforced. It doesn’t really matter what you do.
You’re probably thinking that absolutely no one will attempt to gain access to your server if you’re not using it for anything valuable. Well… you’re wrong. Even if the server is idling and doing nothing it is probably already discovered and having its ports scanned.
I found this out by chance while testing NixStats for an upcoming review. I installed their Logging agent and to my surprise, I see random IPs (predominantly from China) attempting to login through SSH with different usernames and incorrect passwords. The IPs were even attempting to use different ports instead of the typical port 22 to see if you changed it for added security.
At first, I was obviously concerned, but a quick Google search shows that this is incredibly typical and nothing out of the ordinary. Millions of machines that are compromised will be doing this to any public server. The rate at which these bruteforcing attacks happen is mind boggling. I was seeing at least 20 requests every single minute being dumped to my logs as they guess the incorrect password.
If you are using a non-dictionary attack vulnerable password, then you’re probably fine for a very long time. It would be very unlikely for any of these attempts to guess your password. However, if you’re using a weak password, or even a strong one that has been leaked before, you’re in trouble. Compromised VPSs are using for all sorts of nefarious behavior. You will probably end up sending large amounts of spam through your mailserver (compromised postfix) and end up getting your server IP blacklisted in a matter of hours. Delisting after such a compromise is a manual and time consuming process that you probably want to avoid.
You may also end up being part of DDOS attacks through a botnet, and could potentially land in hot water with your service provider if complains start coming in.
Let’s not let that happen…
Protecting yourself is actually a trivial process. Instead of having to worry about all the problems we already discussed, we can simply do the following:
To continue reading the rest of this post, please pay 1 USD using Bitcoin Lightning.Pay with Bitcoin (Lightning)