Unwanted SSH logins on my server

So you can see this clear right?
Fail2Ban
I have litereally 116 mails in just 5 hours of Fail2Ban so can anyone please tell me why they are trying to login into my server I don’t have anything that can be useful for hackers also I am not a big tech company that they are targeting me I just have a small website hosted on my server can anyone please help me fight these bad hackers?

It’s likely a bot trying to automatically try to get into your system. That’s standard procedure around the internet. There are trillions of bots active, every single day, scanning millions of servers for vulnerabilities.

I get attempts to access PHP admin configuration on my server, every single day, as well.

That’s “normal” in our world.

It’s likely there is no human sitting and doing that. Except maybe your “friend” from earlier…

Are you sure?

nope he don’t even know about linux.

It’s happening all the time, everywhere. Just look at any server logs, in the world.

So other than updating my system I need to do something or just keep calm.

yes of-course

There are ways to minimise the risk. Usually, it’s not needed but it mostly probably wouldn’t hurt to take care of that.

Honestly, the most important access in keeping your stuff safe, is to keep your behaviour safe. If you download everything and anything from anywhere, then you will always get malicious content. However, if human behaviour is adjusted to the risk, then there is almost zero possibility for malicious software to reach your grounds.

If you are very strict and self-aware about that fact and know how to behave really safe, you will never need any anti-virus protection, in the first place.

That’s the truth, many “security experts” don’t want you to hear. Okay, that’s a bit unfair. They say that, too, but definitely not the ones working for the big anti-virus software companies… They of course want you to believe in the myth, that everyone needs anti-virus software, when in fact it’s not necessary, if you keep strict rules about your behaviour online.

It’s a bit more tricky with servers, but when you only have your own home server, the risk is really not that great. Using default security mechanics, like having a firewall properly set up and always changing the default administrator user + password, etc. should be more than enough in normal home server situations.

2 Likes

Happens on my machine (RPi4 my SSH jumphost )- my router forwards some “other” arbitrary TCP request [I won’t say what port] to port 22 on my Pi4: all the time - its bound to happen…

Do a whois on the IP addresses and they’re invariably Chinese ISP’s… Not always…

I DON’T have emails - or I’d be flooded with them.

Recommendation - turn off email notification… chances are they get ignored, who’s got time to read and digest all that information?

1 Like