HELP!!! The hacker trying to hack my server

goodgbb · Sep 4, 2005

He's trying to login to SSH access. He's using random ports from 40xxx to 52xxx and he's using random users. Anyway the server has auto banned his ip address.

How can I disallow all port and allow a port that I've specify to use SSH access? is it good?
Do you have some idea recommend to me? please..

Thank You So... Much!!

-----------------------------------------------------------------------------------
server sshd[11689]: Failed password for illegal user building
from xx.xxx.xx.xxx port 40283 ssh2
server sshd[11933]: Failed password for illegal user michele
from xx.xxx.xx.xxx port 52178 ssh2
server sshd[11935]: Failed password for illegal user brittany
from xx.xxx.xx.xxx port 52041 ssh2

AndyReed · Sep 4, 2005

There are many applications to protect your server including APF, BFD, and mod_security. I suggest you search this forum for information on how to secure your server.

goodgbb · Sep 4, 2005

Thank You Andy Reed.

I'm already using APF, SIM, BFD. Do you know that how to specify a port for SSH access?

Thank You for your kindly

bijo · Sep 5, 2005

Hello,
Check the file /etc/ssh/sshd_config and change the ssh port to some other value and then restart your ssh service.

Zaf · Sep 5, 2005

goodgbb said:
I'm already using APF, SIM, BFD. Do you know that how to specify a port for SSH access?

If you are asking how to change or specify a port for SSH access other than the default 22, this thread would be helpful http://forums.cpanel.net/showthread.php?t=30159&highlight=ssh

Jeffa · Sep 5, 2005

goodgbb said:
He's trying to login to SSH access. He's using random ports from 40xxx to 52xxx and he's using random users. Anyway the server has auto banned his ip address.

If it calms you down, I run a basic server and get on average, 350-400 attempts per day of users hacking my system...

I had to introduce some password rules to make it harder, but I'm yet to have a succesful hacker.. :P

And no, that's not an invitation!

PuReWebDev · Sep 5, 2005

SSH Security

If you work from a static ip address, you might limit the ip address which can connect to ssh to yourself, and your datacenter.

In addition, if you want some piece of mind, make sure non of your other user have shell access, and you can also change your root password if you feel it may have been compromised.

Hope this helps.

Thanks,
PuReWebDev

goodgbb · Sep 5, 2005

Thank You from my heart~ bijo, Shahzada, Jeffa, PuReWebDev

I'll try your recommendations. You're all kindly

Thread starter	Similar threads	Forum	Replies	Date
G	Help with Finding Disk Exceeded Error and Potential Hacker	Security	6	Dec 14, 2014
E	Help, Palestinien Hacker is hell bent on taking me down	Security	3	Oct 8, 2010
L	Help tracking down a hacker .. where to view Cpanel login IP's?	Security	1	Aug 2, 2007
C	Hacker?? Need help	Security	3	Jun 8, 2007
J	HELP! Hacker delete accounts +reseller priv root	Security	7	Dec 15, 2006

Search

Search

HELP!!! The hacker trying to hack my server

goodgbb

Well-Known Member

AndyReed

Well-Known Member

goodgbb

Well-Known Member

bijo

Well-Known Member

Zaf

Well-Known Member

Jeffa

Member

PuReWebDev

Well-Known Member

goodgbb

Well-Known Member