System logs ?!
-
Hi , for like 2 days i activated ssh to configure pfsense with putty, it's working great, but i saw this in system logs ? those connection means that someone tryed to connect trought ssh to my pfsense machine ?? thanks
Jan 29 06:20:28 sshd[48990]: Failed password for root from 91.205.189.15 port 40642 ssh2
Jan 29 06:20:29 sshd[49346]: Failed password for root from 91.205.189.15 port 40740 ssh2
Jan 29 06:20:30 sshd[49925]: Failed password for nobody from 91.205.189.15 port 40848 ssh2
Jan 29 06:20:30 sshd[50249]: Failed password for nobody from 91.205.189.15 port 40967 ssh2
Jan 29 06:20:31 sshd[50257]: Failed password for nobody from 91.205.189.15 port 41065 ssh2
Jan 29 06:20:32 sshd[50517]: Failed password for root from 91.205.189.15 port 41161 ssh2 -
Yes.
You can change ssh port, close ssh from wan or configure a VPN.
-
Your WAN firewall rules are way too permissive, don't allow SSH from the Internet.
-
You should also look at grabbing PFblocker, you can block the whole Russian Federation from spamming your box. ;)
-
@cmb:
Your WAN firewall rules are way too permissive, don't allow SSH from the Internet.
what I did is kept the permissions the same but changed the default SSH port, it cut down brute force attempts by 99%
also this IP is breaking guiness world of records for brute force attempts and not a single DNSBL registered it yet…. http://ip-address-lookup-v4.com/ip/91.205.189.15
