Your node security (hacker attacks et al)

Hi,
Reading my logs, I found out that my node is under
brute force attacks over ssh.
Many connections are refused because of wrong usernames and passwords.

In my Linux system, this is reported in /var/log/auth.log:

… sshd[23240]: Invalid user webadmin from 91.197.232.109
… sshd[23240]: input_userauth_request: invalid user webadmin [preauth]
… sshd[23240]: error: Could not get shadow information for NOUSER
… sshd[23240]: Failed password for invalid user webadmin from 91.197.232.109 port 34751 ssh2
… sshd[23234]: reverse mapping checking getaddrinfo for hostby.planet-telecom.eu [91.197.232.109] failed - POSSIBLE BREAK-IN ATTEMPT!

Has someone already addressed this problem?

In my experience, this is completely normal. Those are bots exploiting weak passwords. If you leave your Linux desktop directly on the internet (no firewall, no router etc …) you will get the same auth.log

If you get paranoid you can set up a firewall with IPTABLES or disable password authentication on ssh

1 Like

Try to use fail2ban
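
The counting that a tool like fail2ban automates over auth.log, as an added example that is not part of the original thread: it flags source addresses with repeated "Failed password" lines inside a time window. The sample lines, the host name `node`, the documentation-range addresses, the supplied year and the `max_retry`/`find_time` thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd failure lines of the form quoted in the thread:
#   "Failed password for [invalid user] NAME from IP port N ssh2"
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    "Mar  3 10:15:01 node sshd[23240]: Invalid user webadmin from 203.0.113.5",
    "Mar  3 10:15:03 node sshd[23240]: Failed password for invalid user webadmin from 203.0.113.5 port 34751 ssh2",
    "Mar  3 10:15:09 node sshd[23241]: Failed password for invalid user admin from 203.0.113.5 port 34760 ssh2",
    "Mar  3 10:15:15 node sshd[23242]: Failed password for root from 203.0.113.5 port 34771 ssh2",
    "Mar  3 10:20:00 node sshd[23250]: Failed password for alice from 198.51.100.7 port 50222 ssh2",
    "Mar  3 11:45:00 node sshd[23300]: Failed password for alice from 198.51.100.7 port 50300 ssh2",
    "Mar  3 13:10:00 node sshd[23400]: Failed password for alice from 198.51.100.7 port 50411 ssh2",
]

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10), year=2024):
    """Return {ip: usernames tried} for IPs with >= max_retry failures within find_time.

    Lines are assumed to be in chronological order, as in a log file.
    """
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> every username that ip has tried
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # not a failed-password line (e.g. "Invalid user ...")
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        users[ip].add(m["user"])
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:  # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            offenders[ip] = sorted(users[ip])
    return offenders

if __name__ == "__main__":
    print(find_offenders(SAMPLE))
```

The user whose three mistyped passwords are spread over several hours is not flagged, while the address cycling through usernames within seconds is.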