Skip to main content

Excessive Number of Failed Logins

Comments

2 comments

  • Muhammed Fasal
    Hello, Is CSF installed on your server? If so, it may autoblock these IPs once the failed login attempt limits reached. You can check whether the IP blocked or not on your server with below command: (Do not forget to change the IP with the exact IP address) csf -g IP
    If it's not in Deny chain, then you can block this IP with below command: csf -d IP
    The best solution would be set the SSH port to a secure one other than default 22. You can change the SSH port of your server in /etc/ssh/sshd_config file. Locate the following line: # Port 22
    Remove # and change 22 to your desired port number. and save the file. Restart the sshd service by running the following command: service sshd restart
    Make sure to take a backup of the file before makes the edit. Once the port changed, you need to specify the custom SSH port while access the server. If you are login via terminal, you can access by: ssh root@serverIP -p port
    0
  • cPanelMichael
    Hello, You may also find this thread helpful: [Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening) Thank you.
    0

Please sign in to leave a comment.