Increased abuse activity on my server

William Dudley wfdudley at
Wed Mar 7 14:20:04 UTC 2018

This may sound stupid and obvious, but I moved my ssh port to a high
"random" port
number, and that completely stopped the random attempts to ssh in.  I know
"security by obscurity" "doesn't work", but it did!

I picked a port like 5792 -- not related to anything else.  (i.e. don't
pick 2222 or 2022 etc.)

I've had this in place for months and months (perhaps a year) and the
haven't found the port yet.

I think this works because unless you, specifically, are at *target* of
somebody *serious*,
(think "kbg"), most of these attackers are opportunists who won't spend the
to do a full port scan of your server.  They just try the standard ports:
21, 22, 23, 25, etc.

ALSO, you should disable password auth for ssh and use only public/private

Then you know the attackers are REALLY wasting their time.

Bill Dudley

This email is free of malware because I run Linux.

On Wed, Mar 7, 2018 at 4:31 AM, Ole <ole at> wrote:

> Wed, 7 Mar 2018 08:19:44 +0100 - User Hasse <hasse at>:
> > Anybody else noticed ?
> Welcome to the internet :-)
> If you have strong passwords or better only public key authentication
> allowed, just don't care. If you want to increase security you could
> use a VPN + Firewall to only allow connections from your VPN. If you
> just don't want them to spam your logs you could just move sshd from
> port 22 to port 24.
> regards Ole

More information about the freebsd-questions mailing list