VPN connection will soon be mandatory.

Due to SSH brute-force attempts, which seem to have increased lately, I hereby suggest changing the SSH ports and making a VPN connection to the OSEG server mandatory for SFTP and SSH connections.

May 18 11:44:46 lvpsX sshd[13711]: reverse mapping checking getaddrinfo for host-78-111-98-60.teklan.com.tr [78.111.98.60] failed - POSSIBLE BREAK-IN ATTEMPT!
May 18 11:44:46 lvpsX sshd[13711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.111.98.60  user=root



Oct 12 08:39:01 lvps178-77-78-212 CRON[7304]: pam_unix(cron:session): session closed for user root
Oct 12 08:53:57 lvps178-77-78-212 sshd[7324]: reverse mapping checking getaddrinfo for bd0401d5.ctb.static.virtua.com.br [189.4.1.213] failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 12 08:53:57 lvps178-77-78-212 sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.4.1.213  user=root
Oct 12 08:53:59 lvps178-77-78-212 sshd[7324]: Failed password for root from 189.4.1.213 port 58212 ssh2
Oct 12 08:59:50 lvps178-77-78-212 sshd[7328]: reverse mapping checking getaddrinfo for hosted-by.burratino.net [94.242.205.252] failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 12 08:59:50 lvps178-77-78-212 sshd[7328]: Invalid user support from 94.242.205.252
Oct 12 08:59:50 lvps178-77-78-212 sshd[7328]: pam_unix(sshd:auth): check pass; user unknown
Oct 12 08:59:50 lvps178-77-78-212 sshd[7328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.242.205.252 
Oct 12 08:59:53 lvps178-77-78-212 sshd[7328]: Failed password for invalid user support from 94.242.205.252 port 38612 ssh2

Note the connection attempts from Luxembourg and South America/Brazil/Montevideo… which seem to be proxy/tunnel servers or direct connection attempts.

IP address	Type	Host name	DNS state
5.199.161.13	 MX 	mail.burratino.net	
5.199.161.13	 MX 	baubis.balticservers.com	
5.9.78.205	 NS 	ns-uk.topdns.com	
85.159.232.241	 NS 	ns-usa.topdns.com	
111.90.140.239	 NS 	ns-canada.topdns.com
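
Added example, not part of the original notice: a Python tally of failed sshd logins per source address for log lines in the format quoted above, which is how such attempts can be counted before and after the port/VPN change. The sample lines are constructed (RFC 5737 documentation addresses), and the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same sshd/PAM syslog format as the excerpts
# above; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Oct 12 08:53:57 host sshd[7324]: reverse mapping checking getaddrinfo for a.example.net [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 12 08:53:57 host sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Oct 12 08:53:59 host sshd[7324]: Failed password for root from 192.0.2.10 port 58212 ssh2
Oct 12 08:54:03 host sshd[7325]: Failed password for root from 192.0.2.10 port 58240 ssh2
Oct 12 08:59:50 host sshd[7328]: Invalid user support from 198.51.100.7
Oct 12 08:59:53 host sshd[7328]: Failed password for invalid user support from 198.51.100.7 port 38612 ssh2
Oct 12 09:01:00 host CRON[7304]: pam_unix(cron:session): session closed for user root
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")
REVMAP = re.compile(
    r"sshd\[\d+\]: reverse mapping checking getaddrinfo for \S+ "
    r"\[(?P<ip>[^\]]+)\] failed")

def summarize(log_text):
    """Tally failed passwords and failed reverse-DNS checks per source IP."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(),
                                 "invalid_users": set(), "revmap_failed": False})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            s = stats[m["ip"]]
            s["failed"] += 1
            s["users"].add(m["user"])
            if m["invalid"]:  # account does not exist on this host
                s["invalid_users"].add(m["user"])
            continue
        m = REVMAP.search(line)
        if m:
            stats[m["ip"]]["revmap_failed"] = True
    return dict(stats)

def flag(stats, threshold=2):
    """Sources at or over the threshold, or probing nonexistent accounts."""
    return sorted(ip for ip, s in stats.items()
                  if s["failed"] >= threshold or s["invalid_users"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip in flag(result):
        print(ip, result[ip])
```

Only the "Failed password" lines are counted, so the pam_unix "authentication failure" line for the same attempt does not double the tally.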