On Sun, 10 Jun 2018 20:24:41 +0900 likcoras <[email protected]> wrote:
> On 06/10/2018 07:55 PM, deloptes wrote: > > Hi, > > I recently get many of those, which means someone found out that ssh > > external is on port 22222 and is trying to do some evil work there. > > Should I worry or do something? > > > Similar for apache web server. > > I think both are secure: for ssh no users with easy password > > allowed to login and apache - no pages or stuff that would > > compromise. > > > > thanks for opinion > > > > regards > > > > Welcome to the Internet! > > If you're confident of your setup, you can safely ignore them. If > you're annoyed by the logs, you could set up something like fail2ban > to block connections from IPs that have made too many bad attempts > (although this could possibly be used to lock you out). > > My recommendation is the same as Dan's, consider disabling password > login to allow only pubkey authentication. Same with the ports, I > usually don't bother with using a non-standard port since it would, at > best, only reduce the volume of attacks and not really provide any > additional security. > I've found it reduces the volume of attacks by something very close to 100%, which I think is worth having in exchange for a truly trivial effort. 2222 or 22222 are obvious ports to try, but not many people will try a full portscan across the Net. But yes, get rid of passwords completely, and make sure the private key you carry with you is well encrypted. -- Joe
