Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 6 subscribers
  • Views 10036 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How can I stop so many Failed SSH Logins?

Steve Strickland

I haven't even had my SG115 on my network with an Internet connection for 24 hours yet, and I'm seeing tons of "Failed SSH Login" notifications and they are coming from IP addresses all over the world!  I have SSH disabled.  I know it's these weasel hackers trying to get in.  How can I block them from even trying SSH?  Just block them in their tracks even before they try any monkey business on my router.  Can I permanently ban IP addresses?  How about by country?  I do this for websites I maintain - just auto-block anyone coming from certain countries.  Is this possible in this device?  I want notifications about anything, but really?  I've gotten almost 300 so far and my router has barely been turned on.



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Steve Strickland

    You can also set up that SSH is only accessible from inside your own network, that way the outside world would never be able to reach it. It's better than just changing the port (that's called security through obscurity)

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to apijnappels

    I agree, but if you need external SSH access, the thousands of scipt kiddies who only know how to run a script they found anywhere will not bump against your server permanently if you do not use a standard port.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML