Control Web Panel

WebPanel => CentOS 7 Problems => Topic started by: venty on October 08, 2022, 08:04:30 AM

Title: LDF many blocked
Post by: venty on October 08, 2022, 08:04:30 AM
Hi,
lately LDF has been sending me messages about many blocked as a result of attacks - ssh2, sshd, etc., what could be the reason for this?
Thanks in advance!

BR
Venty
Title: Re: LDF many blocked
Post by: PakPos on October 08, 2022, 12:31:06 PM
welcome to internet world


there is many web crawled and web scanner.. white black grey. clean dirty, good, bad. only scan, other purpose
it's normal
Title: Re: LDF many blocked
Post by: overseer on January 08, 2023, 07:11:22 AM
Send LDF messages to a dedicated e-mail address, not your own or admin e-mail. Mine is simply fw@mydomain.net. Have it set to check silently in your mail program (mark as read, do not notify). Skim it occasionally (daily/weekly) or have rules set up to inform you of more unusual activity. But all those basic attacks, you can generally ignore.

But one piece of advice that has given me a lot of peace: don't run SSH on port 22 or 2222. Both of those ports are constantly scanned and brute force attacked, esp. by FritzFrog and others. So if you run on an alternate port, you will indeed a measure of "security through obscurity."