Unwanted SSH logins on my server

So you can see this clearly, right?
Fail2Ban
I have literally 116 mails in just 5 hours from Fail2Ban. Can anyone please tell me why they are trying to log in to my server? I don’t have anything that can be useful for hackers, and I am also not a big tech company that they would be targeting. I just have a small website hosted on my server. Can anyone please help me fight these bad hackers?

It’s likely a bot automatically trying to get into your system. That’s standard procedure around the internet. There are trillions of bots active, every single day, scanning millions of servers for vulnerabilities.

I get attempts to access PHP admin configuration on my server, every single day, as well.

That’s “normal” in our world.

It’s likely there is no human sitting and doing that. Except maybe your “friend” from earlier…

1 Like

Are you sure?

Nope, he doesn’t even know about Linux.

It’s happening all the time, everywhere. Just look at any server logs, in the world.

So other than updating my system, do I need to do something, or just keep calm?

Yes, of course.

There are ways to minimise the risk. Usually, it’s not needed but it most probably wouldn’t hurt to take care of that.

Honestly, the most important aspect in keeping your stuff safe is to keep your behaviour safe. If you download everything and anything from anywhere, then you will always get malicious content. However, if human behaviour is adjusted to the risk, then there is almost zero possibility for malicious software to reach your grounds.

If you are very strict and self-aware about that fact and know how to behave really safe, you will never need any anti-virus protection, in the first place.

That’s the truth, many “security experts” don’t want you to hear. Okay, that’s a bit unfair. They say that, too, but definitely not the ones working for the big anti-virus software companies… They of course want you to believe in the myth, that everyone needs anti-virus software, when in fact it’s not necessary, if you keep strict rules about your behaviour online.

It’s a bit more tricky with servers, but when you only have your own home server, the risk is really not that great. Using default security mechanics, like having a firewall properly set up and always changing the default administrator user + password, etc. should be more than enough in normal home server situations.

2 Likes

Happens on my machine (RPi4, my SSH jumphost) - my router forwards some “other” arbitrary TCP request [I won’t say what port] to port 22 on my Pi4: all the time - it’s bound to happen…

Do a whois on the IP addresses and they’re invariably Chinese ISPs… Not always…

I DON’T have emails - or I’d be flooded with them.

Recommendation - turn off email notification… chances are they get ignored, who’s got time to read and digest all that information?

1 Like

You can greatly reduce these bot hits by moving SSH to a different port than the default port 22. Another trick is to limit access to port 22 to addresses in the range that your ISP uses. If you do this be sure you have an alternate method to get to your server in case your ISP starts using a different range of IP addresses. I’m assuming your Internet connection uses DHCP and your IP address changes periodically.

Instead of Fail2Ban I use CSF firewall on my public servers; both are good, but I believe CSF has more features.

2 Likes

I also recommend you use password-less login with your SSH keys and then (after testing) you disable the ability to log in using passwords. There are many detailed guides on the internet (for example https://www.youtube.com/watch?v=pw7BsDbHNfY).

1 Like
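
The two suggestions above (moving SSH off port 22, and switching to key-only login with passwords disabled) can be checked against a server's `sshd_config`. This is an added example, not code from any poster in the thread; the function names are hypothetical, and the sample configs and port 2222 are constructed.

```python
# Added example (not from the thread): audit sshd_config text for the
# hardening suggested above. Sample configs are constructed.
DEFAULTS = {"passwordauthentication": "yes",          # OpenSSH defaults
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}

def parse_global(config_text):
    """Return (settings, ports, includes) for the section before any Match."""
    settings, ports, includes = {}, [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break                      # conditional overrides, not global
        if key == "challengeresponseauthentication":
            key = "kbdinteractiveauthentication"   # deprecated alias
        if key == "port":
            ports.append(int(value))   # Port may appear more than once
        elif key == "include":
            includes.append(value)
        else:
            settings.setdefault(key, value.lower())  # first value wins
    return settings, ports, includes

def audit(config_text):
    settings, ports, includes = parse_global(config_text)
    eff = {**DEFAULTS, **settings}
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("password login enabled")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive login enabled")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("public-key login disabled")
    if 22 in (ports or [22]):
        findings.append("listening on default port 22")
    if includes:
        findings.append("Include files not checked: " + ", ".join(includes))
    return findings

BEFORE = "Port 22\n#PasswordAuthentication no\nPasswordAuthentication yes\n"
AFTER = ("Port 2222\nPasswordAuthentication no\n"
         "KbdInteractiveAuthentication no\nPubkeyAuthentication yes\n"
         "PasswordAuthentication yes\n")   # later duplicate is ignored

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

On a live server, `sshd -T` prints the effective configuration with any included files already merged, which is the authoritative check before closing your existing session.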

Hi Mark,
This is not my area, but we appreciate you putting in something.
Regards
Neville