I recently got an RS and had previously only tried things out and practised at home in a VM. Now I am wondering whether I have done everything right or not.
In any case, several times a day I get mails from fail2ban with the following text, saying that some IPs have tried something.
These are banned of course, but something like this comes in 2-3 times a day, and now I suspect I have made a mistake.
Lines containing failures of 43.134.75.120 (max 1000)
2024-06-05T14:19:57.157148+02:00 v2202404190794263410 sshd[42252]: Connection from 43.134.75.120 port 42756 on <meineIP> port 2222 rdomain ""
2024-06-05T14:19:59.103287+02:00 v2202404190794263410 sshd[42252]: Connection closed by authenticating user root 43.134.75.120 port 42756 [preauth]
2024-06-05T14:20:06.547103+02:00 v2202404190794263410 sshd[42254]: Connection from 43.134.75.120 port 55212 on <meineIP> port 2222 rdomain ""
2024-06-05T14:20:08.509852+02:00 v2202404190794263410 sshd[42254]: Invalid user guest1 from 43.134.75.120 port 55212
2024-06-05T14:20:08.904654+02:00 v2202404190794263410 sshd[42254]: Connection closed by invalid user guest1 43.134.75.120 port 55212 [preauth]
2024-06-05T14:20:16.145372+02:00 v2202404190794263410 sshd[42257]: Connection from 43.134.75.120 port 40186 on <meineIP> port 2222 rdomain ""
2024-06-05T14:20:18.170748+02:00 v2202404190794263410 sshd[42257]: Connection closed by authenticating user root 43.134.75.120 port 40186 [preauth]
2024-06-05T14:20:25.467250+02:00 v2202404190794263410 sshd[42259]: Connection from 43.134.75.120 port 52310 on <meineIP> port 2222 rdomain ""
2024-06-05T14:20:27.338935+02:00 v2202404190794263410 sshd[42259]: Connection closed by authenticating user root 43.134.75.120 port 52310 [preauth]
2024-06-05T14:20:34.672924+02:00 v2202404190794263410 sshd[42261]: Connection from 43.134.75.120 port 35968 on <meineIP> port 2222 rdomain ""
2024-06-05T14:20:36.609512+02:00 v2202404190794263410 sshd[42261]: Connection closed by authenticating user root 43.134.75.120 port 35968 [preauth]
2024-06-05T14:20:43.904052+02:00 v2202404190794263410 sshd[42263]: Connection from 43.134.75.120 port 48136 on <meineIP> port 2222 rdomain ""
2024-06-05T14:20:45.922198+02:00 v2202404190794263410 sshd[42263]: Connection closed by authenticating user root 43.134.75.120 port 48136 [preauth]
2024-06-05T14:20:53.267124+02:00 v2202404190794263410 sshd[42265]: Connection from 43.134.75.120 port 60506 on <meineIP> port 2222 rdomain ""
2024-06-05T14:20:55.226018+02:00 v2202404190794263410 sshd[42265]: Connection closed by authenticating user root 43.134.75.120 port 60506 [preauth]
2024-06-05T14:21:02.517736+02:00 v2202404190794263410 sshd[42267]: Connection from 43.134.75.120 port 44618 on <meineIP> port 2222 rdomain ""
2024-06-05T14:21:04.510039+02:00 v2202404190794263410 sshd[42267]: Connection closed by authenticating user root 43.134.75.120 port 44618 [preauth]
2024-06-05T14:21:11.825583+02:00 v2202404190794263410 sshd[42269]: Connection from 43.134.75.120 port 56658 on <meineIP> port 2222 rdomain ""
2024-06-05T14:21:13.460987+02:00 v2202404190794263410 sshd[42269]: Invalid user test2 from 43.134.75.120 port 56658
2024-06-05T14:21:13.812604+02:00 v2202404190794263410 sshd[42269]: Connection closed by invalid user test2 43.134.75.120 port 56658 [preauth]
2024-06-05T14:21:21.277125+02:00 v2202404190794263410 sshd[42272]: Connection from 43.134.75.120 port 40520 on <meineIP> port 2222 rdomain ""
2024-06-05T14:21:23.192226+02:00 v2202404190794263410 sshd[42272]: Invalid user backups from 43.134.75.120 port 40520
2024-06-05T14:21:23.653821+02:00 v2202404190794263410 sshd[42272]: Connection closed by invalid user backups 43.134.75.120 port 40520 [preauth]
The SSH port has been changed and root login is also disabled; so far only my user gets in, with a key.
Edit: Are there people here or elsewhere who would test my server for security vulnerabilities?
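
As an added example (not part of the original post): a small Python summary of sshd lines in the format quoted above, counting failed pre-authentication attempts per source address and listing any `Accepted` logins, which are the lines that would indicate an actual login. The sample log is constructed, with documentation addresses and a hypothetical user `alice`.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the sshd lines above. Addresses are
# documentation ranges; user "alice" and the Accepted line are hypothetical.
SAMPLE = '''\
2024-06-05T14:19:57.157148+02:00 host sshd[42252]: Connection from 203.0.113.7 port 42756 on 192.0.2.10 port 2222 rdomain ""
2024-06-05T14:19:59.103287+02:00 host sshd[42252]: Connection closed by authenticating user root 203.0.113.7 port 42756 [preauth]
2024-06-05T14:20:08.509852+02:00 host sshd[42254]: Invalid user guest1 from 203.0.113.7 port 55212
2024-06-05T14:20:08.904654+02:00 host sshd[42254]: Connection closed by invalid user guest1 203.0.113.7 port 55212 [preauth]
2024-06-05T14:21:13.460987+02:00 host sshd[42269]: Invalid user test2 from 203.0.113.7 port 56658
2024-06-05T14:30:00.000000+02:00 host sshd[42300]: Accepted publickey for alice from 198.51.100.9 port 50000 ssh2: ED25519 SHA256:CONSTRUCTED
'''

# User names in failed attempts are chosen by the remote side and may contain
# spaces, so they are matched greedily and anchored on the trailing fields.
PATTERNS = [
    ("failed", re.compile(r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+) port \d+$")),
    ("failed", re.compile(r"sshd\[\d+\]: Connection closed by authenticating user "
                          r"(?P<user>.*) (?P<ip>\S+) port \d+ \[preauth\]$")),
    ("accepted", re.compile(r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
                            r"from (?P<ip>\S+) port \d+")),
]

def summarize(log_text):
    """Map each source IP to its failed-attempt count, user names tried, and accepted logins."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": []})
    for line in log_text.splitlines():
        for kind, rx in PATTERNS:
            m = rx.search(line.rstrip())
            if not m:
                continue
            entry = stats[m["ip"]]
            if kind == "accepted":
                entry["accepted"].append((m["user"], m["method"]))
            else:
                entry["failed"] += 1
                entry["users"].add(m["user"])
            break  # one event per line; "closed by invalid user" lines are not counted twice
    return dict(stats)

def successful_logins(stats):
    """Return sorted (ip, user, method) tuples; only these lines mean someone got in."""
    return sorted((ip, u, meth) for ip, e in stats.items() for u, meth in e["accepted"])

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for ip, e in result.items():
        print(ip, "failed:", e["failed"], "users:", sorted(e["users"]))
    print("accepted:", successful_logins(result))
```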