Preventing - Large Number of Failed Login Attempts from IP

Posted by Silver89 on Server Fault See other posts from Server Fault or by Silver89
Published on 2012-12-03T16:40:56Z Indexed on 2012/12/03 17:06 UTC
Read the original article Hit count: 230

Filed under:
|
|
|

I'm running a CentOS 6.3 server and currently receive emails entitled "Large Number of Failed Login Attempts from IP" from my server every 15 minutes or so.

Surely with the below configured it should mean only the person using the (my static ip) should be able to even try and log in?

If that's the case where are these remote unknown users trying to log into which is generating these emails?

Current Security Steps:

  • root login is only allowed without-password
  • StrictModes yes
  • SSH password login is disabled - PasswordAuthentication no
  • SSH public keys are used
  • SSH port has been changed to a number greater than 40k
  • cPHulk is configured and running
  • Logins limited to specific ip address
  • cPanel and WHM limited to my static ip only

hosts.allow

sshd: (my static ip)
vsftpd: (my static ip)
whostmgrd: (my static ip)

hosts.deny

ALL : ALL

© Server Fault or respective owner

Related posts about linux

Related posts about centos