Failed Login Attempts for root User
Wow, things are much worse than I expected!
I’m reinstalling one of the dedicated hosts for Tech Stack. Kicked off the reinstall with CentOS 8 and came back a few hours later, to see this:
[greys@s1 ~]$ su - Password: Last login: Tue Feb 4 01:09:22 CET 2020 on pts/1 Last failed login: Tue Feb 4 01:22:33 CET 2020 from 222.186.30.35 on ssh:notty There were 84 failed login attempts since the last successful login.
This means that on average there’s 6 login attempts per minute… A good few hundred attempts each hour!
Definitely should switch to key-based SSH logins and deploy fail2ban as the priority!