It’s common practice to only allow web server access via SSH using key authentication. While this makes it impossible to login without the key, a quick look at:
tail -n500 -f -s3 /var/log/auth.log
Showed an endless stream of dictionary attempts trying to gain root/admin access to the servers. While they would never succeed, its preferable to try and avoid a DDOS scenario.
As we run a SSHd which is available remotely , I installed DenyHosts
sudo apt-get install denyhosts
DenyHosts will block an IP after a few failed attempts.
Denyhosts need no real setup, but its advisable to add your IP’s you use to access your server to:
sudo nano /etc/hosts.allow
So you can never be locked out.
