<< IE下iframe显示空白 - 木子丰咪咕晶 - 开源中国社区 | 首页 | 原生Js封装的动画类 - dtdxrk - 博客园 >>

ssh - Invalid users trying to log in to my server - Information Security Stack Exchange

It is very common. Many botnets try to spread that way, so this is a wide scale mindless attack. Mitigation measures include:

  • Use passwords with high entropy which are very unlikely to be brute-forced.
  • Disable SSH login for root.
  • Use an "unlikely" user name, which botnets will not use.
  • Disable password-based authentication altogether.
  • Run the SSH server on another port than 22.
  • Use fail2ban to reject attackers' IP automatically or slow them down.
  • Allow SSH connections only from a whitelist of IP (beware not to lock yourself out if your home IP is nominally dynamic !).

Most of these measures are about keeping your log files small; even when the brute force does not succeed, the thousands of log entries are a problem since they can hide actual targeted attacks. A bit of security through obscurity (such as the unlikely user name and the port change) works marvels against mindless attackers: yeah, security through obscurity is bad and wrong and so on, but sometimes it works and you will not get fried by a vengeful deity if you use it sensibly.

A high entropy password will be effective against intelligent attackers, though, and can only be recommended in all situations.

阅读全文……

标签 : ,



发表评论 发送引用通报