I got a 32-bit Debian VPS from http://linode.com and I really haven't done any sort of advanced configuration for securing it ( port 22; password enabled ).
It seems somehow there is ssh scanning going on from my IP, I'm being flagged as this is against the TOS. I've been SSHing only from my home Comcast ISP which I run Linux on.
Is this a common thing when getting a new vps? Are there any standard security configuration tips? I'm quite confused as to how my machine has been accused of this ssh scanning.
Answer
Personally, it sounds like you have been compromised. I would re-install the OS and then reconfigure SSH with:
- key-based auth only
- use AllowUsers or AllowGroups to lock down users allowed onto the box
- make use of iptables to lock down allowed IP addresses.
No comments:
Post a Comment