Support Forums

Support Forums > Categories > Webmaster Support > Web Server Support and Setup Help > Large Number of Failed Login Attempts
Full Version: Large Number of Failed Login Attempts
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

virus_in_town

10-07-2010, 08:14 PM
Hello everyone i receive this mail all the time , someone tries to login in my server from different IPs , is there anyway to prevent this ? Should i use firewall or something ? Unsure

"Large Number of Failed Login Attempts "

Disease

10-08-2010, 12:16 PM
(10-07-2010, 08:14 PM)virus_in_town Wrote: [ -> ]Hello everyone i receive this mail all the time , someone tries to login in my server from different IPs , is there anyway to prevent this ? Should i use firewall or something ? Unsure

"Large Number of Failed Login Attempts "

We can't help you with such a small amount of information. Where is that email being generated? SSH login attempts? What's your hosting situation (shared, VPS, dedicated)?

virus_in_town

10-08-2010, 06:25 PM
(10-08-2010, 12:16 PM)Disease Wrote: [ -> ]We can't help you with such a small amount of information. Where is that email being generated? SSH login attempts? What's your hosting situation (shared, VPS, dedicated)?

I have Dedicated server , and its automatically generated mail comes to my mentioned email address while i registered the server. Root login failed attempt

Disease

10-08-2010, 06:36 PM
(10-08-2010, 06:25 PM)virus_in_town Wrote: [ -> ]I have Dedicated server , and its automatically generated mail comes to my mentioned email address while i registered the server. Root login failed attempt

There are some simple steps you can take to secure SSH beyond the default settings. Disabling root login entirely is the best thing I can recommend. I also recommend changing the default port away from 22 to some arbitrary number. Lastly, lower the amount of time the login will be available before timing out and limit the amount of unsuccessful attempts allowed. All of this is easily done in the sshd config file, typically located at:

/etc/ssh/sshd_config

Specifically, the directives you're looking for:

Port 22 - Change the 22 to something different; make sure whatever port you choose it isn't already in use.
PermitRootLogin yes - Change to no.
LoginGraceTime 600 - The amount of time to login in seconds; go as low as 10-30 if you're comfortable with it.
MaxAuthTries 6 - Number of unsuccessful attempts allowed; go as low as you feel comfortable (if you use a password manager or otherwise copy/paste your password from a reliable source, drop this to 1).

JMK940

10-14-2010, 08:29 AM
Its handy to have these, just try and trace the IP or report them to the authorities.
Support Forums > Categories > Webmaster Support > Web Server Support and Setup Help > Large Number of Failed Login Attempts