Preventing - Large Number of Failed Login Attempts from IP
- by Silver89
I'm running a CentOS 6.3 server and currently receive emails entitled "Large Number of Failed Login Attempts from IP" from my server every 15 minutes or so.
Surely with the below configured it should mean only the person using the (my static ip) should be able to even try and log in?
If that's the case where are these remote unknown users trying to log into which is generating these emails?
Current Security Steps:
root login is only allowed without-password
StrictModes yes
SSH password login is disabled - PasswordAuthentication no
SSH public keys are used
SSH port has been changed to a number greater than 40k
cPHulk is configured and running
Logins limited to specific ip address
cPanel and WHM limited to my static ip only
hosts.allow
sshd: (my static ip)
vsftpd: (my static ip)
whostmgrd: (my static ip)
hosts.deny
ALL : ALL