31
My home server got hit with a weird login attempt from a city I've never been to
I was checking my logs yesterday and saw a failed SSH login from an IP in Jakarta, which is wild because I live in Ohio. I had a weak password on a test account I forgot about, so I changed it and set up fail2ban right away. Has anyone else had something like this happen, and what did you do next?
3 comments
Log in to join the discussion
Log In3 Comments
logan52516d ago
Did you check if the test account was the only one with a weak password, or did you audit all your user accounts and keys? It's good you set up fail2ban, but that only stops brute force. You should also think about disabling password logins entirely and only using SSH keys.
1
davidkim16d agoProlific Poster
Good point, I should do a full audit. SSH keys only is the move for sure.
5
rowanhernandez16d ago
Yeah, and logan525 is right about SSH keys.
1