Preventing - Large Number of Failed Login Attempts from IP
Posted by Silver89 on Server Fault
Published on 2012-12-03T16:40:56Z
I'm running a CentOS 6.3 server and currently receive emails entitled "Large Number of Failed Login Attempts from IP" from my server every 15 minutes or so.
Surely with the below configured it should mean only the person using the (my static ip) should be able to even try and log in?
If that's the case, where are these remote unknown users trying to log into, which is generating these emails?
Current Security Steps:
- root login is only allowed without-password
- StrictModes yes
- SSH password login is disabled - PasswordAuthentication no
- SSH public keys are used
- SSH port has been changed to a number greater than 40k
- cPHulk is configured and running
- Logins limited to specific ip address
- cPanel and WHM limited to my static ip only
hosts.allow
sshd: (my static ip)
vsftpd: (my static ip)
whostmgrd: (my static ip)
hosts.deny
ALL : ALL
© Server Fault or respective owner
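One way to see which service the failed logins are actually reaching, as an added example that is not part of the original post: this Python script separates connections refused before any login prompt from attempts that got as far as a failed authentication, per service and source IP. The log lines are constructed samples in syslog layout, `ALLOWED_IP` is a placeholder for the static IP, and treating "refused connect" as a TCP wrappers denial and "fail"/"invalid user" as an authentication failure is an assumed heuristic.

```python
import re
from collections import Counter

ALLOWED_IP = "198.51.100.10"  # assumption: stands in for "(my static ip)"

# Constructed sample in syslog layout; not taken from the poster's server.
SAMPLE_LOG = """\
Dec  3 16:20:01 host sshd[2101]: refused connect from 203.0.113.5 (203.0.113.5)
Dec  3 16:20:04 host dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1
Dec  3 16:20:09 host dovecot: imap-login: Aborted login (auth failed, 2 attempts): user=<admin>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.1
Dec  3 16:22:40 host sshd[2150]: Accepted publickey for root from 198.51.100.10 port 50122 ssh2
"""

SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<proc>[^\s:\[]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FAILURE = re.compile(r"fail|invalid user", re.I)  # heuristic keywords (assumption)


def classify(msg):
    """Return 'blocked', 'auth_failed' or None for one syslog message."""
    if "refused connect" in msg:   # connection dropped before any login prompt
        return "blocked"
    if FAILURE.search(msg):        # a credential was actually tried
        return "auth_failed"
    return None


def tally(log_text, allowed_ip=ALLOWED_IP):
    """Count (service, outcome, source IP) for attempts not from allowed_ip."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        outcome = classify(m.group("msg")) if m else None
        ip = IPV4.search(m.group("msg")) if outcome else None  # first address in message
        if ip and ip.group() != allowed_ip:
            counts[(m.group("proc"), outcome, ip.group())] += 1
    return counts


def reachable_services(counts):
    """Services where a remote host got as far as a failed authentication."""
    return sorted({proc for proc, outcome, _ in counts if outcome == "auth_failed"})


if __name__ == "__main__":
    for (proc, outcome, ip), n in sorted(tally(SAMPLE_LOG).items()):
        print(f"{proc:10} {outcome:12} {ip:15} {n}")
    print("reachable:", reachable_services(tally(SAMPLE_LOG)))
```

A service listed as reachable is one whose login prompt is exposed to addresses other than the allowed one, so its own access controls or firewall rules are the place to look.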