Increased abuse activity on my server

Duane Whitty duane at
Wed Mar 7 16:43:53 UTC 2018

On 18-03-07 12:17 PM, Valeri Galtsev wrote:
> On 03/07/18 08:20, William Dudley wrote:
>> This may sound stupid and obvious, but I moved my ssh port to a high
>> "random" port
>> number, and that completely stopped the random attempts to ssh in.  I know
>> that
>> "security by obscurity" "doesn't work", but it did!
> No it doesn't. One mostly fools oneself by seeing less symptoms, whereas 
> illness is still as bad as it was (if it was there that is). Sorry, it 
> looks like I'm in contradictive mood, still bear with me.

Are the symptoms not diagnostic of the illness in this case or are you
saying that there may be ssh login attempts that aren't being logged
after being moved to a randomly selected port over 1024?  That would
seem unusual.

Regarding ports over 1024 I agree it's true non-root users can open them
but not sure what that is going to get an attacker.  How does sshd
listening on port 15391 etc make it more vulnerable than listening on
port 22?  Can you provide an example of an exploit?

Also, I don't recall the OP mentioning anything about having many users
ssh'ing in.  Perhaps the OP is the only user that logs in for
administrative purposes.

Also, perhaps he already doesn't allow root logins from the Internet, he
hasn't said and we haven't asked.

Does moving sshd to a high port number make you all that more secure?
No not really but it does avoid a lot of log activity and makes seeing
real attacks easier.  Combine that with sensible host and firewall
policies and a large majority of attackers just aren't going to bother
because it will be so much easier for them to attack someone else and
have a higher probability of attack.

You do make some good points though that administrators should consider
when implementing systems security.

Best Regards,

Duane Whitty
duane at

More information about the freebsd-questions mailing list