SSH server gets attacked from internet

C

CPTsquirrel

New Member
Hi,
I am trying to setup the NAS server with remote access to it. I have setup the SSH server to connect to it from my school. but I think the server is getting attacked all the time because I can not access it most of the times. My home IP address is 82.34.41.209 and I can't change it because it is static? (thats what my internet supplier said. How can I configure my ssh server to stop attacks?

thanks.:)
 
T

TrainTrackHack

VIP Member
What exactly do you mean by "I can not access it most of the times"? It completely randomly fails to log you in through SSH, or you're unable to access files?

In any case, what attack are you suspecting? Your SSH server should log all login attempts, if someone was trying to brute force it would show up in the logs. There's no way to stop that, best you can do is pick a strong password and, if possible, an unlikely user name. Don't allow logins with user names like "root", "admin", "administrator" and so on, if at all possible.

However, it's entirely possible (and I would say likely) that your problem is not hacking related.
 
NyxCharon

NyxCharon

Active Member
I would strongly suggest you change the default ssh port to something other then 22.
(it's configured in /etc/ssh/sshd_config by default)
Check /var/log/auth.log for details on who has attempted to login.

Since this is facing the world, I would suggest you set up a firewall if you haven't already.
If you still get a lot of brute force attempts, install something like fail2ban which can auto generate firewall rules to block IP's who fail too many login attempts.

In general, just look into hardening ssh servers.
 
Agent Smith

Agent Smith

Well-Known Member
If you suspect a hacker trying to access the SSH port you could use some iptables that will block brute forcing of the port. Chabge port 22 to your SSH port. I wouldn't keep it at 22. You may have something else going on there.


#SSH Protection
iptables -N rate_limit
iptables -F rate_limit
iptables -A rate_limit -p tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A rate_limit -p udp --dport 22 -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A rate_limit -p ICMP --icmp-type echo-request -m limit --limit 3/sec -j ACCEPT
iptables -A rate_limit -p ICMP -j LOG --log-prefix " Connection dropped!! "
iptables -A rate_limit -p tcp -j REJECT --reject-with tcp-reset
iptables -A rate_limit -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A rate_limit -j DROP
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -j rate_limit
iptables -I INPUT -p udp --dport 22 -m state --state NEW -j rate_limit
 
You must log in or register to reply here.
Top