[HELP] How to Deal with an SSH Brute-Force Attack Problem

Discussion in 'VPS (Virtual Private Server)' started by Redzcaviar, 19 Aug 2013.

Thread Status:
Not open for further replies.
  1. Redzcaviar

    Good morning, masters.
    I have a problem with my Debian VPS. Apparently there is an SSH brute-force attack problem. I don't really understand what that means or how to deal with it.
    Maybe you masters can help resolve this problem.
    Here is a short notice from the DC:

    We received another complaint again, your VPS has been suspended and will not be allowed to continue. You obviously have no intention to fix the problem.

    Logfile excerpt (date/times are UTC):
    Aug 16 03:56:04 nihp05 sshd[3872]: Invalid user admin from 11x.2xx.xxx.xx6
    Aug 16 03:56:07 nihp05 sshd[3872]: Failed password for invalid user admin from 11x.2xx.xxx.xx6 port 55582 ssh2
    Aug 16 03:56:07 nihp05 sshd[3872]: Received disconnect from 11x.2xx.xxx.xx6: 11: Bye Bye [preauth]
    Aug 16 03:56:09 nihp05 sshd[3874]: Invalid user admin from 11x.2xx.xxx.xx6
    Aug 16 03:56:11 nihp05 sshd[3874]: Failed password for invalid user admin from 11x.2xx.xxx.xx6 port 56372 ssh2
    Aug 16 03:56:11 nihp05 sshd[3874]: Received disconnect from 11x.2xx.xxx.xx6: 11: Bye Bye [preauth]
     
  2. perdhanahost

    If your password is hard enough to guess, you can feel safe for the time being. For example, if your password is something like this:

    H9UT3G76tePcKuAYHjjtSef77x8Mw8fvDuHhts55Maj6DCVe3w05S8nDNA7gF87zcf2Qi56jzSwaK1No44AicWtrciKWYyfC

    It would take quite a long time to guess the password.

    You can also install CSF, which will block IPs that fail to log in 5 times in a row within 1 hour.

    Apart from that, the most effective but slightly more troublesome option is to use a public key, either with a passphrase or a passphrase-less public key.

    Hope this helps.
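
The rule described in the post above (flag an IP after 5 failed logins within 1 hour) can be checked against log lines in the format of the excerpt in the first post. This is an added example, not part of the original posts and not CSF's own code; the host name, the addresses and the `offenders` function are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format of the excerpt above (RFC 5737 addresses).
SAMPLE_LOG = """\
Aug 16 02:10:00 host1 sshd[3801]: Failed password for root from 192.0.2.50 port 40000 ssh2
Aug 16 03:56:04 host1 sshd[3872]: Invalid user admin from 203.0.113.7
Aug 16 03:56:07 host1 sshd[3872]: Failed password for invalid user admin from 203.0.113.7 port 55582 ssh2
Aug 16 03:56:11 host1 sshd[3874]: Failed password for invalid user admin from 203.0.113.7 port 56372 ssh2
Aug 16 03:56:15 host1 sshd[3876]: Failed password for root from 203.0.113.7 port 56400 ssh2
Aug 16 03:56:19 host1 sshd[3878]: Failed password for invalid user a from 198.51.100.9 port 1 ssh2 from 203.0.113.7 port 56410 ssh2
Aug 16 03:56:23 host1 sshd[3880]: Failed password for invalid user test from 203.0.113.7 port 56420 ssh2
"""

# The greedy ".*" makes the match use the LAST "from <ip> port <n> ssh2" on the
# line, so text inside the (remote-supplied) user name cannot pose as the source.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\S+) port \d+ ssh2\s*$"
)

def offenders(log_text, limit=5, window=timedelta(hours=1), year=2013):
    """Map each source IP to the time of the failure that reached `limit`
    failed logins inside a sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps have no year; `year` is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= limit:
            flagged.setdefault(m.group(2), ts)
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached 5 failed logins at {when}")
```
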
     
  3. galuh82

    Also consider using a non-default port for SSH .. CMIIW
     
  4. andhi

    Change the default SSH port, then don't allow the root user to log in over SSH; if you want to use root, just use the SU command.
     
  5. jaapns

    My guess is it seems to be used for SSH tunneling, and there are many users ......
     
  6. hostmyid

    Open the file /etc/ssh/sshd_config

    Change the port to a non-default one, Port 9999
    SSH can only be accessed through a specific server IP, ListenAddress IPSERVER
    Make sure root cannot log in, PermitRootLogin no

    Use CSF
     
  7. drupadi

    Use a private key for each user.
    Disable password authentication.
     
  8. arieonline

    Wait a moment.
    There's a notice from the DC about a complaint from someone else,
    which means the TS's server is attacking/brute-forcing other servers.

    Possibilities:
    1. The VPS is infected with a bot whose job is to brute-force other VPSes
    2. If it's being used to sell SSH tunnels, it looks like some client is messing around to get your server suspended
     
  9. Redzcaviar

    OK, I'll try it later.

    What do you mean?

    What is SU, master?

    Not too many, really. Just normal.

    So the default port is 22, and I change it to 9999, like that?
    What is CSF, master?

    OK, I'll try it later.

    Yes, my guess is there's an SSH user messing around.
     