arrow_upward

Pages (2):
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Is this normal? (48 failed login attempts)
#1
Quote:Last failed login: Fri Dec 14 12:53:59 EST 2018 from 218.92.1.142 on ssh:notty
There were 48 failed login attempts since the last successful login.
Last login: Fri Jul 13 06:23:06 2018

That seems a bit excessive, so I figured I'd ask if that's normal. I've had other VPSes (I'm never sure how to pluralize that) and I've never seen it that high - ever.

I've got a fairly robust password, so I am not too worried. Still, that seem like a pretty big number to me.
Happily sponsored by Shadow Hosting & Post4VPS!
#2
not excessive at all. that is very common. the are so many bad actors out there scanning for vulnerable services. those are from autobots.. lol

also there might be some good people or effort among those. May be trying to make a complete map of everything going on in the netspace.

Server to servers. so i guess VPSs. but then it is not a logic class. it is a living breathing language we are talking about ( gut, nut, cut, but put). also English is not my mother tongue. still I'm fairly certain it is so. i read somewhere.

big and long and mixed password is the key here. also please use rate limiting in some form. like say 5 failed login attempt from an ip within 3 minute bans it for a day or something.

other good measures would be -

1) change the ssh port.

2) check and confirm the default setting of root not being able to login using password is there.

3) configure login using certificates.
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.
#3
@rudra Thanks! I'll be locking things down after I figure out what I'm going to be doing. Right now, if it gets p0wned then I don't really care *too* much.

I think I've re-installed the OS a dozen times already! ;-)

It seems whenever I install a control panel with Virtualizor something goes wrong, so I'm just doing it manually. Well, CentOS Web Panel installed pretty well. That was neat but way over my head - so I'm sure I'll play with it at some point.

Right now, I have CentOS and "Webuzo." That was remarkably easy to set up and I am almost done configuring it. I'll then need to go to the domain registrar and get things like nameservers hooked up.

It's a lot of fun and has been pretty educational. I love learning new things! I'm also pretty happy with the VPS, though I found one oddity. I'll do some triple checking and then I'll post about that oddity in another thread, as it's a different subject.

And, you've all been very helpful. I'm learning a great deal from you - and I appreciate that.
Happily sponsored by Shadow Hosting & Post4VPS!
#4
I left a VPS for like a month and when i logged back in, it was like 10k+ failed login attempts. I never shared the IP with anyone but still... Although @rudra is right about bots, there is nothing to worry about unless you have passwords like 1234 147258369, etc.
Premium Web Hosting | ShadowCrypt | Manal Shaikh Official Website
If you find my post/thread useful, you're supposed to +rep me. 
#5
thanks.

I think you should very much care about not getting pawned always. cause then they will do some messy stuff through your system and you can be pretty sure your provider (does not matter if it is a free one from here or you paid) will boot you off.

Manal is right. but one thing we often forget is that even when we are trying to be clever about our passwords, we usually end up using some patterns. and there are many real password dumps and databases out there that hackers can use to teach a system about this patterns and generate clever realistic passwords. that's why it is always better to use a random password generator.

i can further describe how to put the above mentioned ways into work. but then you could pretty much Google them and have much better tutorials. only thing I would like to add about those online tutorials would be, please don't follow them blindly. always give them a read first and understand the logic behind the steps. them modify the steps according to your needs and do it.

keeping a password manager helps a lot. i use some kind of free open source manager that can read my kdbx file where I save passwords. i install it on my pc. also i keep one on my mobile. it has this USB virtual keyboard extension. so you can just plug in your mobile to a computer using data cable and use that program to type the whole thing with few clicks. not one click though. you have to unlock the kdbx with your master password. haha

please use real long ones with mixed characters and symbols. I often use 30-40 characters long ones. as good as total lock down. they can bruteforce all they want. but they won't break it in a couple of lifetimes.

i don't know anything about panels. not from personal experience. cause I have none. i never use them. they only extend the attack surface and also adds another point of failure and some more load on the system. i rather try to know as much I can about Linux itself to do things manually. in ssh. it is fun.

you can always ask. even ask when you don't get something in some online tutorial. we will try our best to help each other out.
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.
#6
@KGIII I went through the same experience with my HostUS VPS a few months ago and worked on all kinds of things to lock it down.  One thing that I learned through a hard lesson was that there's a good chance you can lock yourself out of your VPS with some of the techniques.  Such as what happened to me when I tried to implement keyless entry and set it up such that my VPS login was disabled.  It worked perfectly for a while until something happened (I still don't know what it was) that got me locked out of my VPS.  Fortunately my HostUS VPS comes with an excellent Admin Panel so I was able to load an OS and start from scratch again.  

What I learned through hard experience with the above situation was the most important thing to do is to change the SSH Port number (that is by default always 22).  That got rid of almost all of the failed login attempts.  Since changing the port number I very rarely get a notification that there are any failed login attempts.  

When one changes the number of the port it has to be a different random number that is unique and greater than 1023.  Ideal numbers are from 49152 through 65535.  Refer explanation of the port numbering in the article below.
http://www.linuxlookup.com/howto/change_...t_ssh_port

I also use a very long and complicated password and try to change it from time to time by inserting and replacing digits etc.  I use this Website to generate the random passwords:
https://passwordsgenerator.net/


Here is a very good article about how to change the port number and which numbers to choose for the port:
http://www.linuxlookup.com/howto/change_...t_ssh_port

In summary you do it with the vi edit command line:

vi /etc/ssh/sshd_config

I always have to refresh my knowledge of the vi codes to use as it's an editor and uses very old fashioned key strokes - most important one for me is ESC and :qw to save and get out of the edit screen. At the end of saving it I redo the vi edit command just to check the change has been made.  You make the change at the following line:

#Port 22

Remove the # and then replace the 22 with the new port number.  

Keyless entry is also easy to do and it did work well for a little while.  Lots of literature online how to do it.  I did it with my Putty Dashboard and Keygen. I don't think I really needed it however as my VPS is mostly passive, I don't have comments enabled for my blogs, nor e-mail and I don't think people are really that interested in my Websites as I don't advertise them as such.  I think keyless entry is probably more suited for people who have very busy games servers or servers with plenty of intense traffic and interest and interaction with members with e-mail, chat, forums etc.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#7
what you probably mean is passwordless. anyway.

you could recover from that using vnc console from the control panel.

also I believe it is better to use nano than vi for mortal creatures like us. if you want to learn it all then vi can be very helpful. otherwise it will always be more of a pain in the nether region. it has a very steep learning curve and takes lots of initial practice. also it is mainly good for people who type a lot. but wait.... I know someone like that. haha.. Steep learning curve... remember..
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.
#8
(12-15-2018, 04:18 AM)rudra Wrote: what you probably mean is passwordless. anyway.
Yes.  That's what I meant.  

(12-15-2018, 04:18 AM)rudra Wrote: you could recover from that using vnc console from the control panel.
Haha .... I didn't know that.  Blush   I just checked up now and there is a Console in my control panel - to be used in emergencies only. OK, this is really good to know thanks.  

BTW this is what it looks like in my HostUS Breeze Panel: 

[Image: bIpMaSN.png]

(12-15-2018, 04:18 AM)rudra Wrote: also I believe it is better to use nano than vi for mortal creatures like us. if you want to learn it all then vi can be very helpful. otherwise it will always be more of a pain in the nether region. it has a very steep learning curve and takes lots of initial practice. also it is mainly good for people who type a lot. but wait.... I know someone like that. haha.. Steep learning curve... remember..
OK, now I feel MUCH better.  As VIM made me feel I'm more than dumb - as the commands always feel clumsy.  I've used nano before, but then thought maybe geeks are proficient with using vi as VIM seems to be the editor that appears in most tutorials and not Nano.  So maybe it's the other way round then.  Which is almost strange as with CentOS I have to load Nano, VIM comes pre-loaded.  Anyway, I've just installed Nano.  I now remember that all of the keys appear when one does the edits.  No need to really Google any of it.  This is indeed much much easier.  Thanks for the tip.  Cool

Just found a nice tutorial for it too:
https://www.linode.com/docs/tools-refere...-commands/
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#9
vi and vim and emacs... these are good for those who have put lots of hours to make the shortcuts muscle memory. that let's you type, replace, correct text in a blazing fast speed.
but for us look and find and peck at the kb guys, nano is much much more helpful.

vim preinstalled cause vi predates nano and was there. vim just got the place as the successor to vi.

people write about vi/vim cause either they are really used to it or try to raise their coolness quotient. but that is silly. the most important is usability here.
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.
#10
my record of failed login attempts is 100k.
believe it or not, I doubled my login password and closed all ports.

and by checking what it was it was a just a bot as usual.
Pages (2):


Possibly Related Threads…
Thread
Author
Replies
Views
Last Post
3,725
07-21-2019, 10:21 AM
Last Post: hamed

person_pin_circle Users browsing this thread: 4 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting