Questo è il registro del mio server:
Mar 25 16:49:51 f4arelay sshd[10831]: input_userauth_request: invalid user git [preauth]
Mar 25 16:49:51 f4arelay sshd[10831]: pam_unix(sshd:auth): check pass; user unknown
Mar 25 16:49:51 f4arelay sshd[10831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97
Mar 25 16:49:54 f4arelay sshd[10831]: Failed password for invalid user git from 115.29.194.97 port 43574 ssh2
Mar 25 16:49:54 f4arelay sshd[10831]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth]
Mar 25 16:50:08 f4arelay sshd[10473]: pam_unix(sshd:session): session closed for user root
Mar 25 16:52:49 f4arelay sshd[10841]: Invalid user vagrant from 115.29.194.97
Mar 25 16:52:49 f4arelay sshd[10841]: input_userauth_request: invalid user vagrant [preauth]
Mar 25 16:52:49 f4arelay sshd[10841]: pam_unix(sshd:auth): check pass; user unknown
Mar 25 16:52:49 f4arelay sshd[10841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97
Mar 25 16:52:51 f4arelay sshd[10841]: Failed password for invalid user vagrant from 115.29.194.97 port 35672 ssh2
Mar 25 16:52:51 f4arelay sshd[10841]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth]
Mar 25 16:55:45 f4arelay sshd[10845]: Invalid user vnc from 115.29.194.97
Mar 25 16:55:45 f4arelay sshd[10845]: input_userauth_request: invalid user vnc [preauth]
Mar 25 16:55:45 f4arelay sshd[10845]: pam_unix(sshd:auth): check pass; user unknown
Mar 25 16:55:45 f4arelay sshd[10845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97
Mar 25 16:55:47 f4arelay sshd[10845]: Failed password for invalid user vnc from 115.29.194.97 port 56011 ssh2
Mar 25 16:55:47 f4arelay sshd[10845]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth]
Mar 25 16:56:38 f4arelay sshd[10849]: Accepted password for root from 37.134.155.106 port 62645 ssh2
Mar 25 16:56:38 f4arelay sshd[10849]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 25 16:56:38 f4arelay sshd[10849]: pam_env(sshd:session): Unable to open env file: /etc/default/locale: No such file or directory
Mar 25 16:57:23 f4arelay sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
Mar 25 16:57:23 f4arelay sudo: pam_unix(sudo:session): session opened for user root by root(uid=0)
Mar 25 16:58:48 f4arelay sshd[10900]: Invalid user test from 115.29.194.97
Mar 25 16:58:48 f4arelay sshd[10900]: input_userauth_request: invalid user test [preauth]
Mar 25 16:58:48 f4arelay sshd[10900]: pam_unix(sshd:auth): check pass; user unknown
Mar 25 16:58:48 f4arelay sshd[10900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97
Mar 25 16:58:50 f4arelay sshd[10900]: Failed password for invalid user test from 115.29.194.97 port 48110 ssh2
Mar 25 16:58:50 f4arelay sshd[10900]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth]
Mar 25 16:59:48 f4arelay sudo: pam_unix(sudo:session): session closed for user root
Mar 25 17:00:12 f4arelay sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
Mar 25 17:00:12 f4arelay sudo: pam_unix(sudo:session): session opened for user root by root(uid=0)
Come puoi vedere, c'è un bot che tenta di connettersi continuamente al mio server.
Mi piacerebbe sapere come proteggerlo da persone come lui, so che non è possibile fermare tutte quelle persone che voglio solo assicurarmi che non vengano loggate nel mio server.