Home Tutorials & Reviews Fail2Ban: SSH Bruteforce Protection for VPS Owners
Tutorials & Reviews

Fail2Ban: SSH Bruteforce Protection for VPS Owners

by Skander Helali
by Skander Helali 1,345 views
Reading Time: 3 minutes.

The problem:

If you own a VPS that is exposed to the internet then it is probably being scanned by botnets to determine if SSH is exposed and could be bruteforced. It doesn’t really matter what you do.

You’re probably thinking that absolutely no one will attempt to gain access to your server if you’re not using it for anything valuable. Well… you’re wrong. Even if the server is idling and doing nothing it is probably already discovered and having its ports scanned.

I found this out by chance while testing NixStats for an upcoming review. I installed their Logging agent and to my surprise, I see random IPs (predominantly from China) attempting to login through SSH with different usernames and incorrect passwords. The IPs were even attempting to use different ports instead of the typical port 22 to see if you changed it for added security.

At first, I was obviously concerned, but a quick Google search shows that this is incredibly typical and nothing out of the ordinary. Millions of machines that are compromised will be doing this to any public server. The rate at which these bruteforcing attacks happen is mind boggling. I was seeing at least 20 requests every single minute being dumped to my logs as they guess the incorrect password.

If you are using a non-dictionary attack vulnerable password, then you’re probably fine for a very long time. It would be very unlikely for any of these attempts to guess your password. However, if you’re using a weak password, or even a strong one that has been leaked before, you’re in trouble. Compromised VPSs are using for all sorts of nefarious behavior. You will probably end up sending large amounts of spam through your mailserver (compromised postfix) and end up getting your server IP blacklisted in a matter of hours. Delisting after such a compromise is a manual and time consuming process that you probably want to avoid.

You may also end up being part of DDOS attacks through a botnet, and could potentially land in hot water with your service provider if complains start coming in.

Let’s not let that happen…

Protecting yourself is actually a trivial process. Instead of having to worry about all the problems we already discussed, we can simply do the following:

To continue reading the rest of this post, please pay 1 USD using Bitcoin Lightning.

Pay with Bitcoin (Lightning)

You may also like

Cloudflare WARP+ (Plus) Testing/Review in Qatar: Meh.

Unblock Houseparty and other VoIP apps in Qatar...

PSK Hosting & AlphaRacks Debacle (SCAM Warning)

Using Castnow on Linux with FFmpeg for Chromecast...

Increase Deliverability with SPF on Self Hosted Postfix...

AlphaVPS Benchmarks and Review – Cheap KVM/OVZ VPS

Port Forwarding on the Ooredoo Fibre Home Gateway

Protect Your Privacy and Avoid ISP Snooping With...

Default Administrator and Super Admin Password of the...

UPDATE: DOWN | NodeQuery Review & Tutorial: VPS...

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
ramblings and nonsense. nsfw.
© 2021 - Helali.me. All Rights Reserved.

This website uses cookies to improve your experience. Accept Read More

0
Would love your thoughts, please comment.x
()
x