7063 questions

8463 answers

13731 comments

10436 members

+1 vote
854 views 1 comments
by

Hi All,

can anyone tell me how to block nonexistent user attempts (attacks) which generate the events below:

3306 2020-02-18 18:37:32 SSH Login attempt for nonexistent user from WAN 113.187.119.0:57240
3305 2020-02-18 18:37:23 SSH Login attempt for nonexistent user from WAN 113.187.119.0:57184
3304 2020-02-18 18:13:38 SSH Login attempt for nonexistent user from WAN 121.165.33.239:55512
3303 2020-02-18 18:13:33 SSH Login attempt for nonexistent user from WAN 121.165.33.239:55268
3302 2020-02-18 18:13:27 SSH Bad password attempt from WAN 121.165.33.239:55016
3301 2020-02-18 18:13:22 SSH Login attempt for nonexistent user from WAN 121.165.33.239:54750
3300 2020-02-18 18:13:18 SSH Bad password attempt from WAN 121.165.33.239:54500

I don't want to set the firewall to the maximum restriction, just would like to block these hackers if possible... Thank you.

1 Answer

+1 vote
by
are you SSH in practice? if not consider turning off SSH. or set SSH to a different port than the default one. port 22 (SSH) is often scanned for from the internet. If its on a alternative port this will not be the case.
Best answer
by
I disabled SSH, plus turned on all attack protections. Now there is no event like this anymore.

Thank you!