Server down for network abuse

Status
Not open for further replies.

Spartan

Someone is DDoSing my host. Network providers gave me logs.
How can this be prevented?
This is the second time I am facing this and the website is down.
I am looking for a permanent solution; it is a free public image host.
What network provider or hosting should I go for?


Code:
Feb 8 00:42:10 tyhma sshd[24809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.*.*.*
Feb 8 00:42:11 tyhma sshd[24809]: Failed password for invalid user gnuworld from 109.*.*.* port 48764 ssh2
Feb 8 00:43:19 tyhma sshd[27298]: Invalid user gnuworld from 109.*.*.*
Feb 8 00:43:19 tyhma sshd[27298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.*.*.* 
Feb 8 00:43:20 tyhma sshd[27298]: Failed password for invalid user gnuworld from 109.*.*.* port 37400 ssh2
Feb 8 00:53:54 tyhma sshd[17695]: Invalid user steam from 109.*.*.*
Feb 8 00:53:54 tyhma sshd[17695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.*.*.*
Feb 8 00:53:56 tyhma sshd[17695]: Failed password for invalid user steam from 109.*.*.* port 47403 ssh2
Feb 8 00:55:02 tyhma sshd[20166]: Invalid user steam from 109.*.*.*
Feb 8 00:55:02 tyhma sshd[20166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.*.*.*
Feb 8 00:55:03 tyhma sshd[20166]: Failed password for invalid user steam from 109.*.*.* port 35893 ssh2
Feb 8 00:57:21 tyhma sshd[25078]: Invalid user steam from 109.*.*.*
Feb 8 00:57:21 tyhma sshd[25078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.*.*.*
Feb 8 00:57:24 tyhma sshd[25078]: Failed password for invalid user steam from 109.*.*.* port 41203 ssh2
Feb 8 01:07:54 tyhma sshd[15610]: Invalid user steam from 109.*.*.*
 
7 comments
The log which you've provided looks more like a brute force attempt on the SSH service which can be easily prevented at the server / network level. Do you use VPS / dedicated server or shared hosting?
 
Block the IP using
Code:
# iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
# service iptables save

Also, you can change your SSH port, in the config file
Code:
/etc/ssh/sshd_config

Drop me a PM if you need further help.
 
As ServerPolice said, log in to your SSH using PuTTY.

Execute the following:
Code:
iptables -A INPUT -s IPHERE  -j DROP
service iptables save
service iptables restart

Replace IPHERE with the IP that is attacking.

Now change the SSH port:
Code:
nano /etc/ssh/sshd_config

Uncomment the Port line, and replace the port with your desired port number.

Be sure the port is open in your iptables.
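
Added example, not part of any post in this thread: a small triage script that reads sshd log lines in the format the original poster pasted and reports which source addresses show the repeated failed-password pattern the replies identify as SSH brute forcing, so you know which address to put in the iptables rule. The sample log is constructed, the addresses are documentation ranges, and the threshold of 4 failures within 20 minutes is an assumed value to tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the sshd syslog format shown in the thread (documentation IPs).
SAMPLE_LOG = """\
Feb 8 00:42:11 host sshd[24809]: Failed password for invalid user gnuworld from 203.0.113.7 port 48764 ssh2
Feb 8 00:43:20 host sshd[27298]: Failed password for invalid user gnuworld from 203.0.113.7 port 37400 ssh2
Feb 8 00:44:02 host sshd[27511]: Failed password for root from 198.51.100.20 port 50122 ssh2
Feb 8 00:44:30 host sshd[27530]: Accepted password for root from 198.51.100.20 port 50140 ssh2
Feb 8 00:53:56 host sshd[17695]: Failed password for invalid user steam from 203.0.113.7 port 47403 ssh2
Feb 8 00:55:03 host sshd[20166]: Failed password for invalid user steam from 203.0.113.7 port 35893 ssh2
Feb 8 00:57:24 host sshd[25078]: Failed password for invalid user steam from 203.0.113.7 port 41203 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse_failures(text, year=2000):
    """Yield (timestamp, source_ip, username) for each failed-password line."""
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if m:
            # syslog lines carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def brute_force_sources(text, threshold=4, window=timedelta(minutes=20)):
    """Return {ip: sorted usernames tried} for every source with at least
    `threshold` failures inside any sliding window of length `window`."""
    events = defaultdict(list)
    for ts, ip, user in parse_failures(text):
        events[ip].append((ts, user))
    flagged = {}
    for ip, items in events.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1          # drop failures older than the window
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in items})
                break
    return flagged

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))
```

The address with a single failure followed by a successful login is not flagged, which keeps an administrator who mistyped a password once out of the block list.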
 