Comments
-
Yep... I'm a noob, so I don't know how compromised the server is...
and because I don't have it really working yet (I have a web server set, but didn't finish my webpage anyway) I'll just reset it, reinstall everything and this time install fail2ban and stuff...
Btw, what would you guys recommend I do?
Server? I ended up using Apache2 because I couldn't get nginx to work.
Tools?
Security stuff?
Btw I'm using an encrypted key to login.
Btw, how can I see what's running? So I can see if there is some script or daemon running. (extra for my learning) -
grep "Failed" /var/log/auth.log | wc -l
(get amount of failed ssh login attempts)
grep "session opened" /var/log/auth.log | wc -l
(successful logins) -
thanks @linuxxx
Oh Fuck.... lol
Like 30 or 40 logins every day...
Yah... Just gonna stop it, for now, not gonna give them a zombie server to abuse. -
@Linux Not sure, I'm a noob at this...
But I wouldn't be surprised, the server has been running for 3 months.
But I already had fail2ban installed, noticed when I ran "ps auxfw" -
Condor324966y
Attacks on sshd are pretty common on the internet unfortunately.. be sure to only allow key login to prevent people from cracking it. Other than that, not much you can do about it really.. maybe move the sshd to another port to get rid of the automated scanners that only check TCP 22. Personally I tend to prefer hiding it within a VPN though, to make it entirely invisible to the rest of the internet and thus keeping the logs clean.
If you're using Ubuntu Server, DigitalOcean has excellent tutorials on OpenVPN servers and security essentials like firewall (ufw/iptables, I recommend spending some time on learning the latter), key management and so on. I often use their tutorials myself as well.
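Added example, not part of any comment above: a closer look at the auth.log counts discussed in this thread, splitting failed sshd password attempts by source and listing real SSH logins by method, since "session opened" also matches cron and sudo sessions. The function names and the sample log are constructed for illustration, and the field positions assume the traditional syslog timestamp ("Mar  3 06:31:12 host ...").

```shell
#!/bin/sh
# Added example. Constructed sample in the usual Debian/Ubuntu auth.log
# layout; all addresses are documentation ranges, the key hash is a placeholder.
sample_log() {
cat <<'EOF'
Mar  3 06:25:01 vps CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  3 06:31:12 vps sshd[2210]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 06:31:15 vps sshd[2210]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 06:31:40 vps sshd[2214]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Mar  3 06:32:02 vps sshd[2219]: Invalid user test from 203.0.113.7 port 51200
Mar  3 06:32:04 vps sshd[2219]: Failed password for invalid user test from 203.0.113.7 port 51200 ssh2
Mar  3 09:10:44 vps sshd[2302]: Accepted publickey for deploy from 192.0.2.10 port 60111 ssh2: ED25519 SHA256:CONSTRUCTED
Mar  3 09:10:44 vps sshd[2302]: pam_unix(sshd:session): session opened for user deploy by (uid=0)
Mar  3 09:12:03 vps sudo: pam_unix(sudo:session): session opened for user root by deploy(uid=0)
Mar  3 11:47:09 vps sshd[2411]: Accepted password for root from 198.51.100.23 port 40310 ssh2
Mar  3 11:47:09 vps sshd[2411]: pam_unix(sshd:session): session opened for user root by (uid=0)
EOF
}

# Failed sshd password attempts per source address, busiest first.
# The address is read from the end of the line ("from IP port N ssh2")
# because the attempted user name is attacker-controlled text.
failed_by_source() {
  awk '$5 ~ /^sshd\[/ && $6 == "Failed" && $7 == "password" { n[$(NF-3)]++ }
       END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Real SSH logins as "method user source". On a key-only server any
# "password" row deserves a closer look.
accepted_logins() {
  awk '$5 ~ /^sshd\[/ && $6 == "Accepted" { print $7, $9, $11 }' "$1"
}

# "session opened" also matches cron and sudo sessions, so it overcounts.
sessions_opened() { grep -c "session opened" "$1"; }

# Usage: sh script.sh /var/log/auth.log   (no argument: constructed sample)
log=${1:-}
if [ ! -r "$log" ]; then
  echo "using constructed sample log"
  log=$(mktemp); sample_log > "$log"
fi
echo "failed attempts by source:"; failed_by_source "$log"
echo "accepted ssh logins:";       accepted_logins "$log"
echo "lines with 'session opened': $(sessions_opened "$log")"
```

On the sample, two SSH logins were accepted while four lines contain "session opened"; the root login by password is the row to check against the key-only setup recommended above.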
Related Rants
So... I finally decided to secure my VPS, so I started with sudo less /var/log/auth.log ...
Short story, not even gonna read every line, just gonna reset my VPS lol
rant
reset
i know someone who is gonna say
vps
fucking bots
security
i told you...