How to Protect a VPS Against SSH Brute-Force Attacks and Port Scans

johny899

Let me tell you something I learned the hard way. When you're running a VPS, the attacks don't start after a week or a month. The attacks start the moment you turn it on. The first time I looked through my logs, I thought my VPS must be famous or something because the login attempts were insane. If you've ever seen the nonstop SSH attempts, you know that feeling.

Why Hackers Like to Try SSH First

Hackers love SSH because it controls everything. If they have access to it, they own your VPS.

And you may be wondering, why try hundreds of username-password combinations? Because at least one person out there is still using "root/password123" somewhere. I know, it sounds crazy, but it happens way more often than you would think.

Ways to Secure SSH

I'm all about the easy things that yield a lot of benefit, and these simple steps always help me:
  • Change the default SSH port to something arbitrary.
  • Use SSH keys rather than passwords.
  • Disable direct root login, that way attackers aren't guessing it.
  • Install Fail2ban to ban anyone that fails too many times.
Once I put these in place my server got way quieter. My nonstop attack messages were almost gone.

Firewalls Can Make a Big Difference

I often refer to a firewall as having a bouncer at the front door of your server. I use UFW on some machines and iptables on others. Both are good.

A decent firewall allows you to:
  • Only allow connections from your IP address
  • Throttle how fast someone can open connections
  • Block anything that looks suspiciously like a scan

Eliminating Port Scanners Automatically

You end up irritated with port scanning, because it feels like it invades your space. Someone is targeting your server to see if it is vulnerable, by seeing if there is an open port they can penetrate (this does occur more frequently than you may believe).

Occasionally, I will employ a tool, such as PortSentry, that runs and watches for suspicious behavior, and acts almost instantly. But even a few basic port scanning rules can offer the same type of control.

If an IP touches too many ports in too short a time, I simply block it altogether.

Choosing a VPS Provider Who Actually Cares About Security

Some VPS companies have already implemented some (or all) of the following basic security features:
  • Basic (and high) firewalls
  • DDoS protection
  • Notifications upon accounts being accessed
  • Automatically block dangerous behavior
Appreciating the time these features save is a huge benefit for me. The other sources I mentioned will never offer benefits with security practices like these (a downside of a provider to consider when choosing). So checking first is usually worthwhile.

To Conclude

You should not feel stressed or uneasy thinking about the security of your VPS. It simply takes some intelligent strategy to make your VPS exponentially more challenging to penetrate.

Remember locking the door of your house at night. You do not expect trouble, but you do lock the door, don't you?
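
The following is an added example, not part of the original post or the author's code: a Python check of an sshd_config against three items from the "Ways to Secure SSH" list (non-default port, keys instead of passwords, no direct root login). The function names and both sample configs are constructed for illustration; it reads only the global section and does not follow Include files, so `sshd -T` remains the authoritative view of a live server.

```python
# Added example: audit the global section of an sshd_config text.
# Upstream OpenSSH defaults apply when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

def effective_settings(config_text):
    """Return the values sshd would use globally for the audited keywords."""
    ports, first = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":
            break                         # conditional overrides are out of scope
        if not args:
            continue
        if keyword == "port":
            ports.append(args[0])         # Port may repeat; sshd listens on all
        else:
            first.setdefault(keyword, args[0].lower())  # first value wins
    settings = dict(DEFAULTS, **first)
    settings["port"] = ports or ["22"]
    return settings

def audit(config_text):
    """Return one finding per setting that contradicts the post's checklist."""
    s, findings = effective_settings(config_text), []
    if "22" in s["port"]:
        findings.append("Port: sshd still listens on the default port 22")
    if s["permitrootlogin"] != "no":
        findings.append("PermitRootLogin: root can log in directly (%s)"
                        % s["permitrootlogin"])
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication: passwords are accepted")
    return findings

# Constructed samples. In WEAK_CONFIG the later "no" is ignored by sshd
# because the earlier "yes" for the same keyword already took effect.
WEAK_CONFIG = """#Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED_CONFIG = """Port 2222
PermitRootLogin no
PasswordAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG):
        print(finding)
```
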