Stop and prevent brute force attacks on Ubuntu 14.04
I've currently 3 servers with SSH service being attacked by brute force. The attack is from multiple sources or one who's changing his IP with each attempt performed.
I need help to stop current attacks and protect/prevent from future ones.
I've already setup fail2ban in one machine after following (quickly) this guide: How to protect SSH with Fail2Ban on Ubuntu 14.04 but I haven't saw any improvements by doing so.
Please, I really need help on this as there are sensitive services running in every machine which can not go down and these attacks are sucking machines' resources.
Thanks in advance, best regards.
P.S.: I know there are several questions/answers on this topic but couldn't find any suitable answer to help me...
Solution 1:
You can change SSH port to a non-standard one, and then drop all packets coming to SSH port 22
. This way the attacker's connection attempts all time out, which causes them to use more time for each attempt.
If you are using some automatic scripts to connect to your server via SSH, then you need to reconfigure those.
SSH port is configured under /etc/ssh/sshd_config
.
However, if attackers port scan your server, they will find out the new port.
If you don't access the server from everywhere, then you allow only IP addresses where you use this server, and drop packets from all other IP addresses.