There were 73408 Failed Login Attempts Since the last successful login

I saw the below on my Linux Server.

"There were 73408 failed login attempts since the last successful login"

login as: root
root@192.168.2.5's password:
Last failed login: Sun Nov 8 21:12:14 EST 2014 from 192.168.75.4 on ssh:notty
There were 73408 failed login attempts since the last successful login.
Last login: Wed Nov 4 16:10:14 2014 from 192.168.57.4

FIX :

Some robots are trying to crack your server root password. Check the /var/log/secure file and there you can see which IP address is trying to login to your Linux Server.

[root@server ~]# tail -f /var/log/secure

Nov 8 21:21:53 server1 sshd[30710]: Failed password for root from 192.168.75.4 port 42177 ssh2
Nov 8 21:21:55 server1 sshd[30710]: Failed password for root from 192.168.75.4 port 42177 ssh2

From the Logs you can see that IP address 192.168.75.4 is trying to login to your Linux Server with different passwords. This IP address (192.168.75.4) might be a robot or it might be another compromised server.

 

Please do the below steps to secure your Linux Server from brute force attacks :


1. Always set strong password for your Linux Server. Example : A password like "sam123" is very easy to crack but a password like "4Yu6$%gB9" will take many years to crack.

2. Always install a Firewall on your Linux Server. Install CSF / APF or ASL Firewall on your server and it will block these brute force attacks on the server.

3. Change the SSH port number of the Linux server

Open the file /etc/ssh/sshd_config using vi editor and change the line "Port 22" to "Port xxxx"

Example :

root@server [~]# vi /etc/ssh/sshd_config

Port 2222

Save the vi editor and exit.

4. Disable direct root login to your Linux Server. Use sudo or su to gain root access to your Linux Server.

5. Use SSH key based authentication instead of direct root login to Linux server

6. Restrict SSH access only to your IP address. Block all IP address from accessing the server, only allow your IP address in server firewall.

  • 0 Users Found This Useful
Was this answer helpful?

Also Read

How install attracta SEO Tools in cPanel Servers

How to Install Attracta SEO tool Login your SSH via root user cd /usr/local/src wget -N...

How install WHMXTRA in cPanel Servers

How install WHMXTRA in cPanel ServersAccess your ssh as root  wget...

How install Resource Monitor in cPanel Servers

Installation Instructions Step 1: Download the RSMonitor file located at...

How install Softaculous in cpanel Servers

Installing Softaculous Note: Before starting the installation make sure ionCube Loaders are...

Installation of kloxo Control Panel on CentOS 5/6 x86Bit

Hello,Today we will learn how to install kloxo control panel on the CentOS 5.8 Final x86bit...