I bought a VPS host where I plan to put an application running on an nginx server and an Ubuntu distro, built on the phalconphp framework, with mongodb and elasticsearch in the background. For now the whole server is just there to serve a 'landing' page and so that I can watch the activity (getting familiar with the environment). I glance at the graph every day and yesterday I noticed increased activity. I look at the http server logs and see various requests for install / setup scripts (phpmyadmin, postfix and the like). A little while ago I looked at auth.log and see over 38,000 lines:
Sep 15 11:38:24 burzilla sshd[4393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 15 11:38:31 burzilla sshd[4393]: Invalid user aditza from 221.6.233.62
Sep 15 11:38:31 burzilla sshd[4393]: input_userauth_request: invalid user aditza [preauth]
Sep 15 11:38:31 burzilla sshd[4393]: pam_unix(sshd:auth): check pass; user unknown
Sep 15 11:38:31 burzilla sshd[4393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.6.233.62
Sep 15 11:38:33 burzilla sshd[4393]: Failed password for invalid user aditza from 221.6.233.62 port 47840 ssh2
Sep 15 11:38:34 burzilla sshd[4395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 15 11:38:36 burzilla sshd[4393]: Received disconnect from 221.6.233.62: 11: Bye Bye [preauth]
Sep 15 11:38:37 burzilla sshd[4395]: Invalid user admin1 from 221.6.233.62
Sep 15 11:38:37 burzilla sshd[4395]: input_userauth_request: invalid user admin1 [preauth]
Sep 15 11:38:37 burzilla sshd[4395]: pam_unix(sshd:auth): check pass; user unknown
Sep 15 11:38:37 burzilla sshd[4395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.6.233.62
Sep 15 11:38:39 burzilla sshd[4395]: Failed password for invalid user admin1 from 221.6.233.62 port 50484 ssh2
Sep 15 11:38:40 burzilla sshd[4395]: Received disconnect from 221.6.233.62: 11: Bye Bye [preauth]
Sep 15 11:38:41 burzilla sshd[4397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 15 11:38:54 burzilla sshd[4397]: Connection closed by 221.6.233.62 [preauth]
etc...
So what are the first steps to protect the server from unwanted intrusions?
PS
On the http server I put a ban on the unknown (-) user agent. I would most prefer to put my application somewhere on one of the PaaS giants, aws, heroku, google app engine and the like, but at the moment I am limited in funds.
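Added example (not part of the original post): a small Python script that reads sshd lines of the kind quoted above and does what a tool like fail2ban does before it bans anyone, namely counts `Failed password` events per source address inside a sliding time window (fail2ban calls these settings `findtime` and `maxretry`). It also lists the usernames each source guessed and picks out the `Could not load host key` lines, which are only sshd complaining that the ed25519 host key file does not exist (it can be generated with `ssh-keygen -A`) and are not a sign of an attack. The sample input is constructed from the lines in the post; syslog timestamps carry no year, so the year is an assumed parameter. The sliding-window rule is general and works on any auth.log, not just these six lines.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed sample input: the sshd lines quoted in the post, trimmed to the messages
# this parser cares about. Syslog timestamps have no year, so one is assumed below.
SAMPLE_AUTH_LOG = """\
Sep 15 11:38:24 burzilla sshd[4393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 15 11:38:31 burzilla sshd[4393]: Invalid user aditza from 221.6.233.62
Sep 15 11:38:33 burzilla sshd[4393]: Failed password for invalid user aditza from 221.6.233.62 port 47840 ssh2
Sep 15 11:38:37 burzilla sshd[4395]: Invalid user admin1 from 221.6.233.62
Sep 15 11:38:39 burzilla sshd[4395]: Failed password for invalid user admin1 from 221.6.233.62 port 50484 ssh2
Sep 15 11:38:54 burzilla sshd[4397]: Connection closed by 221.6.233.62 [preauth]
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<rhost>\S+) port \d+")
INVALID_RE = re.compile(r"^Invalid user (?P<user>\S+) from (?P<rhost>\S+)")
HOSTKEY_RE = re.compile(r"^error: Could not load host key: (?P<path>\S+)")


def parse_sshd_line(line, year=2015):
    """Turn one auth.log line into a small event dict; None if it is not an sshd line."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    # Collapse the double space syslog uses for single-digit days before parsing.
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    msg = m["msg"]
    f = FAILED_RE.match(msg)
    if f:
        return {"ts": ts, "kind": "failed", "user": f["user"], "rhost": f["rhost"]}
    i = INVALID_RE.match(msg)
    if i:
        return {"ts": ts, "kind": "invalid_user", "user": i["user"], "rhost": i["rhost"]}
    h = HOSTKEY_RE.match(msg)
    if h:
        return {"ts": ts, "kind": "missing_host_key", "path": h["path"]}
    return {"ts": ts, "kind": "other"}


def parse_events(lines, year=2015):
    return [e for e in (parse_sshd_line(l, year) for l in lines) if e is not None]


def summarize(lines, year=2015):
    """Failed passwords per source, guessed usernames per source, and missing host-key files."""
    failed_by_host = Counter()
    invalid_users = defaultdict(set)
    missing_keys = set()
    for e in parse_events(lines, year):
        if e["kind"] == "failed":
            failed_by_host[e["rhost"]] += 1
        elif e["kind"] == "invalid_user":
            invalid_users[e["rhost"]].add(e["user"])
        elif e["kind"] == "missing_host_key":
            missing_keys.add(e["path"])
    return {
        "failed_by_host": failed_by_host,
        "invalid_users": {h: sorted(u) for h, u in invalid_users.items()},
        "missing_host_keys": sorted(missing_keys),
    }


def brute_force_sources(lines, threshold=5, window_seconds=600, year=2015):
    """Sources with at least `threshold` failed passwords inside any window of
    `window_seconds`. Same rule fail2ban applies (maxretry within findtime); this
    version only reports, it does not ban."""
    recent = defaultdict(deque)   # rhost -> timestamps of its recent failures
    flagged = set()
    for e in parse_events(lines, year):   # auth.log is written in time order
        if e["kind"] != "failed":
            continue
        q = recent[e["rhost"]]
        q.append(e["ts"])
        while (e["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()                   # drop failures that fell out of the window
        if len(q) >= threshold:
            flagged.add(e["rhost"])
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_AUTH_LOG.splitlines()
    print(summarize(lines))
    # The sample has only two failures, so a low threshold is used for the demo.
    print("brute-force sources:", brute_force_sources(lines, threshold=2, window_seconds=60))
```

Run it against the real file with `sudo python3 script.py` after swapping `SAMPLE_AUTH_LOG.splitlines()` for `open("/var/log/auth.log")`; with the default threshold of 5 in 10 minutes a source like the one in the post shows up immediately, and the per-host counts tell you whether you are looking at one scanner or many.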