Hi.

On Sun, Jun 10, 2018 at 12:55:24PM +0200, deloptes wrote:
> Hi,
> I recently get many of those, which means someone found out that ssh
> external is on port 22222 and is trying to do some evil work there.
> Should I worry or do something?
> Similar for apache web server.

You mean that all these connections originate from 197.159.128.171?
"iptables -I INPUT -s 197.159.128.171/29 -j DROP" will take care of it.
While you're at it, write an abuse letter to Jonathan Lamptey - he? owns
problematic IP range according to AFRINIC.

> I think both are secure: for ssh no users with easy password allowed to
> login

If you have password-enabled ssh with stock Ciphers, MACs, and Kex'es
enabled, and your only protection is non-standard ssh port - then you
are doing it wrong.

Set these to /etc/ssh/sshd_config, and watch all those script-kiddies
cry as they won't be able to connect to you at all:

Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com
MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com
KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256

And forbid ssh password authentication. They've invented key-based
authentication for cases like yours 15 years ago.

> and apache - no pages or stuff that would compromise.

As long as this apache serves static HTML only then you're probably safe
indeed.

Reco
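
The sshd_config advice in the reply above, turned into a small audit; this is an added example and not part of the original message. The function names and both sample configs are constructed for illustration, the algorithm names in the samples are stand-ins rather than the reply's list, and the check assumes a single config file (Include files are not followed, Match blocks are only flagged).

```python
import re

# Constructed sample configs (not taken from the thread).
WEAK = """\
Port 22222
#PasswordAuthentication no
passwordauthentication yes
PasswordAuthentication no
Ciphers +aes256-ctr
"""
HARDENED = """\
PasswordAuthentication no
Ciphers aes256-ctr
MACs hmac-sha2-512
KexAlgorithms=diffie-hellman-group-exchange-sha256
"""
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")

def effective_settings(text):
    """Return ({keyword: value}, saw_match) for the global section.
    Keywords are case-insensitive and sshd keeps the first value it reads."""
    seen, saw_match = {}, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                      # blank line, comment, or bare keyword
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":             # conditional blocks are not evaluated
            saw_match = True
            break
        seen.setdefault(key, value)
    return seen, saw_match

def audit(text):
    cfg, saw_match = effective_settings(text)
    findings = []
    # Unset means the OpenSSH default, which is "yes".
    if cfg.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is enabled")
    for key in ("ciphers", "macs", "kexalgorithms"):
        value = cfg.get(key)
        if value is None:
            findings.append(f"{key}: not set, stock list in use")
        elif value[:1] in ("+", "-", "^"):
            findings.append(f"{key}: '{value[0]}' prefix edits the stock list")
    if saw_match:
        findings.append("Match block present: review its overrides by hand")
    return findings

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

The WEAK sample shows why a later "PasswordAuthentication no" does not help when an earlier line already set it to yes. On a live host, `sshd -T` prints the configuration the daemon actually resolved.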