Multiple ssh processes running

saiko (New member, joined Jan 18, 2010, 4 messages)
LS,

The control panel shows there are 14 ssh processes running: "sshd (pid 878 879 880 881 882 883 884 885 886 887 900 901 18466 18828 )". I tried to killall ssh and restart, but without success. Furthermore, I don't have any backups running with sftp. Is this normal for DirectAdmin, or do I have a serious problem?

Kind regards,
Saiko
 
It probably is an SSH brute-force attempt, very common these days. Use fail2ban to automatically cut out any brute-forcer, or use CSF (its logfile parser, LFD, is able to block brute-forcers on a large set of DA-specific services like SSH, FTP, IMAP, POP3 etc).
 
That is a common way to mitigate worm attacks, but remember to set up an automatic blocker anyway: targeted attacks happen, and when they do you won't even bother to check your SSH logs.
 
Just use denyhosts; it works well. But changing to a non-standard port is a good idea; your brute-force attempts will go down by 90% or more.
 
It probably is an SSH brute-force attempt, very common these days. Use fail2ban to automatically cut out any brute-forcer, or use CSF (its logfile parser, LFD, is able to block brute-forcers on a large set of DA-specific services like SSH, FTP, IMAP, POP3 etc).

I've installed CSF and it works like a charm. Went from 20.000 hack attempts to 10 a day. Thanks for the advice.
 