{"id":15,"date":"2010-04-26T22:41:53","date_gmt":"2010-04-27T02:41:53","guid":{"rendered":"http:\/\/www.xavignu.com\/?p=15"},"modified":"2010-04-27T15:48:17","modified_gmt":"2010-04-27T19:48:17","slug":"blocking-ssh-attacks-with-iptables","status":"publish","type":"post","link":"https:\/\/www.xavignu.com\/?p=15","title":{"rendered":"Blocking SSH attacks with IPtables"},"content":{"rendered":"

If you have a website running you might get brute force attacks on the ssh port. Below is an excerpt from the logs in \/var\/log\/auth.log<\/p>\n

Jan 28 21:32:16 server sshd[10855]: Failed password for illegal user root from 213.191.74.219 port 51033 ssh2
\nJan 28 21:32:16 server sshd[10857]: Illegal user root from 213.191.74.219
\nJan 28 21:32:16 server sshd[10857]: Failed password for illegal user root from 213.191.74.219 port 53722 ssh2
\nJan 28 21:32:16 server sshd[10859]: Illegal user root from 213.191.74.219
\nJan 28 21:32:16 server sshd[10859]: Failed password for illegal user root from 213.191.74.219 port 54393 ssh2
\nJan 28 21:32:16 server sshd[10861]: Illegal user root from 213.191.74.219
\nJan 28 21:32:16 server sshd[10861]: Failed password for illegal user root from 213.191.74.219 port 55099 ssh2<\/b><\/p>\n

Blocking this attacks is really easy with IPtables<\/a>. Just type the following from the CLI.<\/p>\n


\nsudo iptables -A INPUT -i eth0 -p tcp –dport 22 -m state –state NEW -m recent –set –name SSH
\nsudo iptables -A INPUT -i eth0 -p tcp –dport 22 -m state –state NEW -m recent –update –seconds 60 –hitcount 3 –rttl –name SSH -j DROP
\n<\/b><\/p>\n

The above command will block ssh attacks on the SSH port on your server. Enjoy.<\/p>\n

\n","protected":false},"excerpt":{"rendered":"

If you have a website running you might get brute force attacks on the ssh port. Below is an excerpt from the logs in \/var\/log\/auth.log Jan 28 21:32:16 server sshd[10855]: Failed password for illegal user root from 213.191.74.219 port 51033 ssh2 Jan 28 21:32:16 server sshd[10857]: Illegal user root from 213.191.74.219 Jan 28 21:32:16 server […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[3],"tags":[4,6,5,7],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_shortlink":"https:\/\/wp.me\/pTQgt-f","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/posts\/15"}],"collection":[{"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15"}],"version-history":[{"count":0,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/posts\/15\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.xavignu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}