Learn More
Resend Email
12
GyroGearloose
5y

So... I finally decided to secure my VPS, so I started with sudo less /var/log/auth.log ...
Short story, not even gonna read every line, just gonna reset my VPS lol

rant

reset

i know someone who is gonna say

vps

fucking bots

security

i told you...
Favorite
Ranter
Comments
  • 1
    5y
    @Condor
  • 8
    5y
    uhm why reset it? Only because you see failed logins? Does not make sense
  • 4
    5y
    @Linux maybe its successfull logins that is the problem :P
  • 1
    5y
    Yep... I'm a noob, so I don't know how compromised is the server...
    and because I don't hate it really working yet (I have a web server set, but didn't finish my webpage anyway) I'll just reset it, reinstall everything and this time install fail2ban and stuff...
    Btw, what would you guys recommend I do?
    Server? I ended up using Apache2 because I couldn't get nginx to work.
    Tools?
    Security stuff?
    Btw I'm using an encrypted key to login.
    Btw, how can I see what's running? So I can see if there is some script or deamon running. (extra for my learning)
  • 5
    5y
    grep "Failed" /var/log/auth.log | wc -l
    (get amount of failed ssh login attempts)

    grep "session opened" /var/log/auth.log | wc -l

    (successful logins)
  • 4
    5y
    @GyroGearloose to see what's running (including the files used):
    ps auxfw
  • 3
    5y
    thanks @linuxxx
    Oh Fuck.... lol
    Like 30 or 40 logins every day...
    Yah... Just gonna stop it, for now, not gonna give them a zombie server to abuse.
  • 3
    5y
    @GyroGearloose

    Are you sure that it is logins?
  • 0
    5y
    @Linux Not sure, I'm a noob at this...
    But I wouldn't be surprised, the server is running for 3 months.
    But I already had fail2ban installed, noticed when I run "ps auxfw"
  • 3
    5y
    Attacks on sshd are pretty common on the internet unfortunately.. be sure to only allow key login to prevent people from cracking it. Other than that, not much you can do about it really.. maybe move the sshd to another port to get rid of the automated scanners that only check TCP 22. Personally I tend to prefer hiding it within a VPN though, to make it entirely invisible to the rest of the internet and thus keeping the logs clean.

    If you're using Ubuntu Server, DigitalOcean has excellent tutorials on OpenVPN servers and security essentials like firewall (ufw/iptables, I recommend spending some time on learning the latter), key management and so on. I often use their tutorials myself as well.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment