Brute Force on SSH and DDoS

hebrew878

My server is getting brute force attacks daily on SSH login, and also DDoS attacks.

Yesterday there were about 50+ users logged in on my site...

Suddenly the maximum number of users went offline, because they were all using the Opera Mini mobile browser, as my site is a mobile WAP site.

My site was down only for the Opera Mini browser. What could be the reason?
The site was working fine for all the default mobile browser agents as well as PC. Also, I verified that sites other than mine were working fine on that same Opera Mini mobile browser.
Could this be DDoS?
Also, I got system news through the DirectAdmin panel saying that a brute force attack was detected on SSH from some IPs.

I traced the IPs, but all are from China.

Now I want to block IPs based on country.

How can I do that?
 
I use this site:
http://www.wizcrafts.net/chinese-blocklist.html and it's used with .htaccess.
You also get an update whenever the list is changed so you can adjust your .htaccess file. However, .htaccess is per hosting account.

With ConfigServer Firewall (CSF) it's also possible to block complete countries, and this works serverwide.
It's a good idea to consider using CSF on your server anyway.
 
I just block the IPs manually ATM. Port 22 is only open to me anyway so I'm not that bothered - who gives SSH access on a shared box anyway!

Quick question...
I'm not sure if the block_ip.sh script is called automatically once the nn attempts have been reached, or do you need to manually execute it via DA? Can someone clarify? If the latter, it's very tedious.

FWIW, we see that China is the leader of attacks; mostly we have to filter out IP blocks for China, as it's too much with each individual IP. :(
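The replies above mention blocking whole IP blocks instead of individual addresses. As an added example (not code from any poster in this thread), the sketch below counts failed SSH logins per source address and collapses busy networks into a single deny entry. It assumes OpenSSH-style "Failed password" syslog lines; the function names, thresholds and sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# OpenSSH logs failed logins as "Failed password for [invalid user ]NAME from IP port N"
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port"
)

def _line(ip, user="root"):
    # Helper that builds one constructed log line (hypothetical host and PID).
    return f"Jul  3 10:00:01 host sshd[1001]: Failed password for {user} from {ip} port 40100 ssh2"

# Constructed sample log using documentation address ranges, not real attackers.
SAMPLE_LOG = "\n".join(
    [_line(ip) for ip in ("203.0.113.5", "203.0.113.9", "203.0.113.77") for _ in range(3)]
    + [_line("198.51.100.7", "invalid user admin")] * 4
    + [_line("192.0.2.10", "alice")]  # one mistyped password: not an attack
    + ["Jul  3 10:05:00 host sshd[1002]: Accepted password for alice from 192.0.2.10 port 40200 ssh2"]
)

def failed_by_ip(log_text):
    """Count failed SSH password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def deny_list(counts, min_attempts=3, min_hosts=3, prefix=24):
    """Build deny entries: a whole /prefix network when at least min_hosts
    offenders share it, otherwise the single offending address as a /32."""
    offenders = [ip for ip, n in counts.items() if n >= min_attempts]
    net_of = {ip: ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in offenders}
    hosts_per_net = Counter(net_of.values())
    entries = set()
    for ip in offenders:
        if hosts_per_net[net_of[ip]] >= min_hosts:
            entries.add(net_of[ip])  # many offenders: block the range
        else:
            entries.add(ipaddress.ip_network(f"{ip}/32"))
    return [str(net) for net in sorted(entries)]

if __name__ == "__main__":
    for entry in deny_list(failed_by_ip(SAMPLE_LOG)):
        print(entry)
```

Blocking a whole range also blocks any legitimate users inside it, so check the output against your own and your customers' addresses before loading it into a firewall deny list.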
 