[SOLVED] Brute Force attack?
#11
I faced a similar situation and I did my researches and I discovered the ways to secure your VPS, which is:

1. Disable root user.
2. Use unusual usernames.
3. Use SSH key based authentication.
4. Install fail2ban.
5. Change your SSH port (this step isn't necessary, if you have done all steps above.)
6. Use very complicated passwords. (you can google for some techniques to create/remember hard passwords)
7. Run only trustworthy scripts/programs or whatever as sudo. (root/super user)

That's what I saw on my 2 hours searching for solutions when I faced a brute force attack on my free VPS.
#12
Thanks for all the suggestion, i also suggest adding a basic vps hardeing FAQ where there will be these suggestion to the FAQ so the new users could get basic security for their vps. You can close this thread now
#13
@dudex most scripts don't work with custom SSH ports, so I won't recommend it.

I prefer keeping a backup port for SSH and disable port 22 whenever it is not needed by the bots/scripts.

@Ignis : maybe recommend random passwords generated from https://www.random.org/passwords/
If your using passwords since they are (obviously) random and secure.

I use a password from random.org, the more characters the better (max 24)
#14
@MichaelW

I didn't know about that. I have always changed the shh port whenever I configure a server and yet to find a problem with that. Well I don't use loads of scripts though. Only use popular stuff like Wordpress, SMF, Mybb etc.
[Image: img.php?userid=8114&vps1]



#15
@Kotagami has your issue been solved? If so please mark this as solved with the [SOLVED] prefix and we will close this thread.




Users browsing this thread: 1 Guest(s)