How to limit Login Attempts on VPS?

[hoangvu]

I'm getting more Login Attempts from different IPS on my hosting

Does anyone explain me how can I limit login attempts in VPS to prevent hacking or Brute-Force attack?

 

[Web Marketing Tool]

Do you mean SSH logins or logins to your CPanel or something else? If you mean SSH I would suggest instead using RSA key authentication, which I can send instructions on how to setup. Using RSA key you would have a key stored on your computer that is required to connect to the server via SSH or FTP. This puts an end to any brute force attacks as they don't have your key. Why have a needless door, better have a solid concrete wall.

If you are interested in how to do this please let me know your version of Linux. If it is CentOS then I have home court advantage, but if not I can still help you find good instructions. Just send me a PM so I know to respond. I'll respond to your PM here for the benefit of everyone else visiting the forum.

 

[laceibanet]

Depends what you have on your vps. You can use ip tables to limit ip from accessing your vps, or if you have a cpanel you can use cphulk which is included with the panel. This can block ip for you after a number of failed login attempts, you can also use it as a black and white list to block or allow ip to connect respectively.
A good practive for a ssh brute force is to switch up the vps default ssh port to something other than the default 22. This can help with securing your server a bit better

 

[Mike_Brown]

The most secure solution is to modify your /etc/ssh/sshd_config file. You can add the following line to restrict user logins to the IP addresses you trust:
AllowUsers *@127.0.0.1 *@127.0.0.2

Follow that trend to add additional IP addresses. Simply add that line to the bottom of the file and it should work as expected.

 

[Delimiter]

Sounds like you need fail2ban.

You can configure how you like, but I think the default rule set is something like if you get 5 failed login attempts the IP gets banned for an hour. I usually tweak this so that if you get 5 failed login attempts, you're banned forever.

I'd also recommend using key-based authentication and disabling password auth. If you switch to using keys to login it's much more secure and will stop pretty much any brute force attempt. Another thing that helps is switching the default SSH port to something other than 22.