A
A
Axwellweb2019-02-21 15:18:13
linux
Axwellweb, 2019-02-21 15:18:13

Prevent frequent SSH connections?

The problem is the following:
The Chinese and Koreans are tearing the server with requests to Mysql and SSH.
IP and logins are used different... ie. if to block that only a subnet, but it is a lot of subnets. Apparently they are brute forcing ...
Please tell me about the methods of protection in this case...
How can I close access to SSH and MySQL after 3 attempts with 1 IP?
It was thought to make access only from my IP, but often I go from the phone, and these are already different IP addresses in different places.

Answer the question

In order to leave comments, you need to log in

4 answer(s)
W
Wexter, 2019-02-21
@Axwellweb

fail2ban

A
AVKor, 2019-02-21
@AVKor

I will add to the previously advised:
port knocking,
block access to SSH through the firewall from everywhere except your addresses.

L
lamer350, 2019-02-21
@lamer350

You make access only from a private network using a VPN, it will be available to you from any device and no one will break through.
Does MySQL need to be accessed from external sources? There, in general, accessibility should be only from the localhost and there is no need to open access without unnecessary need ...

Z
zersh, 2019-02-23
@zersh

Here you can approach in different ways:
1. Fail2ban is a great option
2. Use Internet resources to search for a list of ip addresses of providers in your region and allow access only from them, and use vpn for other regions
3. Find an anti-flood rule for iptables. It also works well: literally 3-4 lines.
4. Transfer to a non-standard port. But all of the above will not be superfluous

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question