Excessive Number of Failed Logins

[EneaXH]

Hello there,

how to stop this Excessive Number of Failed Login Attempts from 211.117.xx.xxx (Korea, Republic of:KR)..

Latest 24 hour i received more than 300 emails with this message..

Also when i log in as root on SSH, i see there that was 89000 attempts to login as root before my attempt.

Thank you

 

[Muhammed Fasal]

Hello,

Is CSF installed on your server? If so, it may autoblock these IPs once the failed login attempt limits reached. You can check whether the IP blocked or not on your server with below command: (Do not forget to change the IP with the exact IP address)

csf -g IP

If it's not in Deny chain, then you can block this IP with below command:

csf -d IP

The best solution would be set the SSH port to a secure one other than default 22. You can change the SSH port of your server in /etc/ssh/sshd_config file. Locate the following line:

# Port 22

Remove # and change 22 to your desired port number. and save the file.

Restart the sshd service by running the following command:

service sshd restart

Make sure to take a backup of the file before makes the edit. Once the port changed, you need to specify the custom SSH port while access the server. If you are login via terminal, you can access by:

ssh [email protected] -p port

 

[cPanelMichael]

Hello,

You may also find this thread helpful:

[Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening)

Thank you.