Is someone trying to hack my server?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







0















So I typed journalctl after ssh(ing) into the server and got the following output: (so is someone trying to hack system or is it from my side?)
(Also note the timing says 5am? but most likely none of us login into system at that time? so it something from apache/ubuntu?)



Apr 30 05:38:59 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2

Apr 30 05:38:56 bosc-chat sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12  user=root

Apr 30 05:38:55 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2

Apr 30 05:38:54 bosc-chat sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133  user=root

Apr 30 05:38:53 bosc-chat sshd[13566]: PAM service(sshd) ignoring max retries; 6 > 3

Apr 30 05:38:53 bosc-chat sshd[13566]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12  user=root

Apr 30 05:38:53 bosc-chat sshd[13566]: Disconnecting authenticating user root 58.242.82.12 port 58191: Too many authentication failures [preauth]

Apr 30 05:38:53 bosc-chat sshd[13566]: error: maximum authentication attempts exceeded for root from 58.242.82.12 port 58191 ssh2 [preauth]

Apr 30 05:38:53 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2

Apr 30 05:38:50 bosc-chat sshd[13558]: PAM service(sshd) ignoring max retries; 6 > 3

Apr 30 05:38:50 bosc-chat sshd[13558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133  user=root

Apr 30 05:38:50 bosc-chat sshd[13558]: Disconnecting authenticating user root 218.92.0.133 port 24314: Too many authentication failures [preauth]

Apr 30 05:38:50 bosc-chat sshd[13558]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 24314 ssh2 [preauth]

Apr 30 05:38:50 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2

Apr 30 05:38:50 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2

Apr 30 05:38:47 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2

Apr 30 05:38:47 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2

Apr 30 05:38:45 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2

Apr 30 05:38:44 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2

Apr 30 05:38:42 bosc-chat sshd[13560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root

Apr 30 05:38:42 bosc-chat sshd[13560]: Disconnected from authenticating user root 218.92.0.207 port 40772 [preauth]

Apr 30 05:38:42 bosc-chat sshd[13560]: Received disconnect from 218.92.0.207 port 40772:11:  [preauth]

Apr 30 05:38:42 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2

Apr 30 05:38:42 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2

Apr 30 05:38:41 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2

Apr 30 05:38:40 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2

Apr 30 05:38:40 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2

Apr 30 05:38:38 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2

Apr 30 05:38:38 bosc-chat sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost


If someone is really trying to hack then is there something i can do about it?



Thank you very much!






server ssh apache2 webserver hacking







share|improve this question







New contributor




Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



























    0















    So I typed journalctl after ssh(ing) into the server and got the following output: (so is someone trying to hack system or is it from my side?)
    (Also note the timing says 5am? but most likely none of us login into system at that time? so it something from apache/ubuntu?)



    Apr 30 05:38:59 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
    
Apr 30 05:38:56 bosc-chat sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12  user=root
    
Apr 30 05:38:55 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
    
Apr 30 05:38:54 bosc-chat sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133  user=root
    
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM service(sshd) ignoring max retries; 6 > 3
    
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12  user=root
    
Apr 30 05:38:53 bosc-chat sshd[13566]: Disconnecting authenticating user root 58.242.82.12 port 58191: Too many authentication failures [preauth]
    
Apr 30 05:38:53 bosc-chat sshd[13566]: error: maximum authentication attempts exceeded for root from 58.242.82.12 port 58191 ssh2 [preauth]
    
Apr 30 05:38:53 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM service(sshd) ignoring max retries; 6 > 3
    
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133  user=root
    
Apr 30 05:38:50 bosc-chat sshd[13558]: Disconnecting authenticating user root 218.92.0.133 port 24314: Too many authentication failures [preauth]
    
Apr 30 05:38:50 bosc-chat sshd[13558]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 24314 ssh2 [preauth]
    
Apr 30 05:38:50 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
    
Apr 30 05:38:50 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    
Apr 30 05:38:47 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
    
Apr 30 05:38:47 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    
Apr 30 05:38:45 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    
Apr 30 05:38:44 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
    
Apr 30 05:38:42 bosc-chat sshd[13560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
    
Apr 30 05:38:42 bosc-chat sshd[13560]: Disconnected from authenticating user root 218.92.0.207 port 40772 [preauth]
    
Apr 30 05:38:42 bosc-chat sshd[13560]: Received disconnect from 218.92.0.207 port 40772:11:  [preauth]
    
Apr 30 05:38:42 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    
Apr 30 05:38:42 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
    
Apr 30 05:38:41 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
    
Apr 30 05:38:40 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
    
Apr 30 05:38:40 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    
Apr 30 05:38:38 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
    
Apr 30 05:38:38 bosc-chat sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost


    If someone is really trying to hack then is there something i can do about it?



    Thank you very much!






    server ssh apache2 webserver hacking







    share|improve this question







    New contributor




    Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      0












      0








      0








      So I typed journalctl after ssh(ing) into the server and got the following output: (so is someone trying to hack system or is it from my side?)
      (Also note the timing says 5am? but most likely none of us login into system at that time? so it something from apache/ubuntu?)



      Apr 30 05:38:59 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
      
Apr 30 05:38:56 bosc-chat sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12  user=root
      
Apr 30 05:38:55 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
      
Apr 30 05:38:54 bosc-chat sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133  user=root
      
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM service(sshd) ignoring max retries; 6 > 3
      
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12  user=root
      
Apr 30 05:38:53 bosc-chat sshd[13566]: Disconnecting authenticating user root 58.242.82.12 port 58191: Too many authentication failures [preauth]
      
Apr 30 05:38:53 bosc-chat sshd[13566]: error: maximum authentication attempts exceeded for root from 58.242.82.12 port 58191 ssh2 [preauth]
      
Apr 30 05:38:53 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM service(sshd) ignoring max retries; 6 > 3
      
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133  user=root
      
Apr 30 05:38:50 bosc-chat sshd[13558]: Disconnecting authenticating user root 218.92.0.133 port 24314: Too many authentication failures [preauth]
      
Apr 30 05:38:50 bosc-chat sshd[13558]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 24314 ssh2 [preauth]
      
Apr 30 05:38:50 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      
Apr 30 05:38:50 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:47 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      
Apr 30 05:38:47 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:45 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:44 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      
Apr 30 05:38:42 bosc-chat sshd[13560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
      
Apr 30 05:38:42 bosc-chat sshd[13560]: Disconnected from authenticating user root 218.92.0.207 port 40772 [preauth]
      
Apr 30 05:38:42 bosc-chat sshd[13560]: Received disconnect from 218.92.0.207 port 40772:11:  [preauth]
      
Apr 30 05:38:42 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:42 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      
Apr 30 05:38:41 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      
Apr 30 05:38:40 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      
Apr 30 05:38:40 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:38 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      
Apr 30 05:38:38 bosc-chat sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost


      If someone is really trying to hack then is there something i can do about it?



      Thank you very much!






      server ssh apache2 webserver hacking







      share|improve this question







      New contributor




      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.












      So I typed journalctl after ssh(ing) into the server and got the following output: (so is someone trying to hack system or is it from my side?)
      (Also note the timing says 5am? but most likely none of us login into system at that time? so it something from apache/ubuntu?)



      Apr 30 05:38:59 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
      
Apr 30 05:38:56 bosc-chat sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12  user=root
      
Apr 30 05:38:55 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
      
Apr 30 05:38:54 bosc-chat sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133  user=root
      
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM service(sshd) ignoring max retries; 6 > 3
      
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12  user=root
      
Apr 30 05:38:53 bosc-chat sshd[13566]: Disconnecting authenticating user root 58.242.82.12 port 58191: Too many authentication failures [preauth]
      
Apr 30 05:38:53 bosc-chat sshd[13566]: error: maximum authentication attempts exceeded for root from 58.242.82.12 port 58191 ssh2 [preauth]
      
Apr 30 05:38:53 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM service(sshd) ignoring max retries; 6 > 3
      
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133  user=root
      
Apr 30 05:38:50 bosc-chat sshd[13558]: Disconnecting authenticating user root 218.92.0.133 port 24314: Too many authentication failures [preauth]
      
Apr 30 05:38:50 bosc-chat sshd[13558]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 24314 ssh2 [preauth]
      
Apr 30 05:38:50 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      
Apr 30 05:38:50 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:47 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      
Apr 30 05:38:47 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:45 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:44 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      
Apr 30 05:38:42 bosc-chat sshd[13560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
      
Apr 30 05:38:42 bosc-chat sshd[13560]: Disconnected from authenticating user root 218.92.0.207 port 40772 [preauth]
      
Apr 30 05:38:42 bosc-chat sshd[13560]: Received disconnect from 218.92.0.207 port 40772:11:  [preauth]
      
Apr 30 05:38:42 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:42 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      
Apr 30 05:38:41 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      
Apr 30 05:38:40 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      
Apr 30 05:38:40 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      
Apr 30 05:38:38 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      
Apr 30 05:38:38 bosc-chat sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost


      If someone is really trying to hack then is there something i can do about it?



      Thank you very much!






      server ssh apache2 webserver hacking




      server ssh apache2 webserver hacking






      share|improve this question







      New contributor




      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question







      New contributor




      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question






      New contributor




      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 20 mins ago









      Muhammad UsmanMuhammad Usman

      1




      1




      New contributor




      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes


















          0














          Yes, someone is actively trying to guess your root password.



          Some steps you can do to mitigate the possibility of you getting hacked:




          • Make sure your root password is long and unique.

          • Check that all your server's aplications and services are updated to
            the current version, and are regularly updated.

          • Install an intrusion prevention system. Fail2Ban is a very good one
            that will block IP attempts after X number of failed login attempts.

          • Reduce the number of IPs that are able to connect to your SSH server
            on your firewall, to your country/region and if possible, ISP. For
            example, if you live in US, you aren't going to login to your
            server from Rusia or China.

          • Hide your server IP behind a proxy service. Cloudflare is a great
            provider for that, and has free plans available.

          • Establish an email alert to notify you when someone logs in to the server.


          I'm sure there are other things you can do to harden your server, but this will be a good start.





          share
























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "89"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });






            Muhammad Usman is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1139459%2fis-someone-trying-to-hack-my-server%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Yes, someone is actively trying to guess your root password.



            Some steps you can do to mitigate the possibility of you getting hacked:




            • Make sure your root password is long and unique.

            • Check that all your server's aplications and services are updated to
              the current version, and are regularly updated.

            • Install an intrusion prevention system. Fail2Ban is a very good one
              that will block IP attempts after X number of failed login attempts.

            • Reduce the number of IPs that are able to connect to your SSH server
              on your firewall, to your country/region and if possible, ISP. For
              example, if you live in US, you aren't going to login to your
              server from Rusia or China.

            • Hide your server IP behind a proxy service. Cloudflare is a great
              provider for that, and has free plans available.

            • Establish an email alert to notify you when someone logs in to the server.


            I'm sure there are other things you can do to harden your server, but this will be a good start.





            share




























              0














              Yes, someone is actively trying to guess your root password.



              Some steps you can do to mitigate the possibility of you getting hacked:




              • Make sure your root password is long and unique.

              • Check that all your server's aplications and services are updated to
                the current version, and are regularly updated.

              • Install an intrusion prevention system. Fail2Ban is a very good one
                that will block IP attempts after X number of failed login attempts.

              • Reduce the number of IPs that are able to connect to your SSH server
                on your firewall, to your country/region and if possible, ISP. For
                example, if you live in US, you aren't going to login to your
                server from Rusia or China.

              • Hide your server IP behind a proxy service. Cloudflare is a great
                provider for that, and has free plans available.

              • Establish an email alert to notify you when someone logs in to the server.


              I'm sure there are other things you can do to harden your server, but this will be a good start.





              share


























                0












                0








                0







                Yes, someone is actively trying to guess your root password.



                Some steps you can do to mitigate the possibility of you getting hacked:




                • Make sure your root password is long and unique.

                • Check that all your server's aplications and services are updated to
                  the current version, and are regularly updated.

                • Install an intrusion prevention system. Fail2Ban is a very good one
                  that will block IP attempts after X number of failed login attempts.

                • Reduce the number of IPs that are able to connect to your SSH server
                  on your firewall, to your country/region and if possible, ISP. For
                  example, if you live in US, you aren't going to login to your
                  server from Rusia or China.

                • Hide your server IP behind a proxy service. Cloudflare is a great
                  provider for that, and has free plans available.

                • Establish an email alert to notify you when someone logs in to the server.


                I'm sure there are other things you can do to harden your server, but this will be a good start.





                share













                Yes, someone is actively trying to guess your root password.



                Some steps you can do to mitigate the possibility of you getting hacked:




                • Make sure your root password is long and unique.

                • Check that all your server's aplications and services are updated to
                  the current version, and are regularly updated.

                • Install an intrusion prevention system. Fail2Ban is a very good one
                  that will block IP attempts after X number of failed login attempts.

                • Reduce the number of IPs that are able to connect to your SSH server
                  on your firewall, to your country/region and if possible, ISP. For
                  example, if you live in US, you aren't going to login to your
                  server from Rusia or China.

                • Hide your server IP behind a proxy service. Cloudflare is a great
                  provider for that, and has free plans available.

                • Establish an email alert to notify you when someone logs in to the server.


                I'm sure there are other things you can do to harden your server, but this will be a good start.






                share











                share


                share










                answered 4 mins ago









                Luis Alberto BarandiaranLuis Alberto Barandiaran

                113




                113






















                    Muhammad Usman is a new contributor. Be nice, and check out our Code of Conduct.










                    draft saved

                    draft discarded


















                    Muhammad Usman is a new contributor. Be nice, and check out our Code of Conduct.













                    Muhammad Usman is a new contributor. Be nice, and check out our Code of Conduct.












                    Muhammad Usman is a new contributor. Be nice, and check out our Code of Conduct.
















                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1139459%2fis-someone-trying-to-hack-my-server%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    GameSpot

                    Image
                    body.skin-minerva .mw-parser-output table.infobox caption{text-align:center} GameSpot 戰地風雲:惡名昭彰2在Gamespot的評論 网站类型 新聞 持有者 CBS 创始人 Pete Deemer Vince Broady Jon Epstein 网站 http://www.gamespot.com/ 注册 Optional (free and paid) 推出时间 1996年5月1日 [1] GameSpot (中国大陆:游戏基地),於1996年5月由Pete Deemer和Vince Broady創立,是一個提供新聞、評論、預告片、下載及其他的相關資訊的電子遊戲網站。GameSpot被一間後來被CNET收購的企業ZDNet所收購。根據Alexa,GameSpot.com是200個網路擁擠最嚴重的網站之一。 除了由GameSpot員工創作的內容,網站還允許用戶寫評論、網誌、之後在網路論壇分享。一些在CNET旗下的GameFAQs分享。 2004年, GameSpot被Spike TV的觀眾選上「電子遊戲賞節目」贏得「最傑出遊戲網站。 [2] 其他的遊戲網站還有IGN、1UP.com、GameSpy是它最大的競爭對手。2008年,根據Compete.com的統計,「gamespot.com」吸引了最少6000萬人的點擊率。 [3] GameSpot的主頁鏈結了到最近新聞、評論、預告、和一些有關遊戲機的入口:Wii、任天堂DS、電腦遊戲、Xbox 360、PSP、PlayStation 2、PlayStation 3。它還有一列「最受歡迎遊戲名單」,還有給用戶快速獲得遊戲資訊的搜尋器。GameSpot 還包括一些小範圍的遊戲機:任天堂64、GameCube、Game Boy Color、Game Boy Advance、Xbox、PlayStation、SEGA Saturn、Dreamcast、Neo Geo Pocket Color、N-Gage、手機遊戲。 目录 1 歷史 1.1 國際歷史 1.2 著名的員工 2 評論和分
                    Read more

                    connect to host localhost port 22: Connection refused

                    Image
                    .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0; } 1 1 I created a Ubuntu Vagrant box and ssh'd into it. Now, created a ssh key and trying to ssh to my localhost but I get the following error. vagrant@vagrant-ubuntu-trusty-64:~$ ssh -vvvv localhost OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to localhost [127.0.0.1] port 22. debug1: connect to address 127.0.0.1 port 22: Connection refused ssh: connect to host localhost port 22: Connection refused When I check the list of ports opened as follows: vagrant@vagrant-ubuntu-trusty-64:~$ s
                    Read more

                    Getting a Wifi WPA2 wifi connection

                    Image
                    .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0; } 0 I've been trying to get a simple wifi connection ! bu I have to admit I just can't get it done ! here is what I've tried: root@MYONE:/etc# clear root@MYONE:/etc# vi wpa_supplicant.conf ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=0 update_config=1 network={ ssid="Mi Engine" psk="7407352688e4" } root@MYONE:/etc# iw wlan0 link Not connected. root@MYONE:/etc# ifconfig eth0 Link encap:Ethernet HWaddr 74:FE:48:3A:55:AB inet addr:192.168.178.88 Bcast:192.168.178.255 Mask:255.255.255.0 inet6 addr: fe80::76fe:48ff:fe3a:55ab%4804152/64 Scope:Link UP BRO
                    Read more