0

I have just set up an Ubuntu web server to use at home as a backup and development server for a website I have. I am using DynDNS so my colleagues can access this also and test new code.

This works well but I'm worried about security. This has only been open to the world for 24 hours and has already had hack attempts from 4 different IP addresses (Korea and Hong Kong).

  • The hack attempts were attempts to log in over SSH with usernames such as root, oracle, smbuser

How can I secure this server more so I can feel at ease?

FYI, the data is not highly confidential so not the end of the world if anyone gets in, but obviously don't want people playing around with it.

Update: I did add my public SSH key to the server to log in, but after a restart it went back to normal.

2 Answers

1

There are 2 approaches you can take:

Security by obscurity - change the port, and don't use obvious usernames and passwords.

Active defence - I use fail2ban to automatically block brute-force attempts - it's triggered by a certain number of failed logins (which is configurable), and sets off a firewall rule to block such attempts. I go for a draconian 3 failures, and a one-week ban, which tends to put a damper on any brute-force attempts.
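
The threshold-and-ban behaviour described in the answer above, as an added example (not part of the original answer and not fail2ban's own code). The 3 failures and one-week ban come from the answer; the 10-minute counting window, the default year and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 3                      # failures before a ban (the answer's setting)
BAN_TIME = timedelta(weeks=1)      # ban length (the answer's setting)
FIND_TIME = timedelta(minutes=10)  # assumption: window in which failures count

# sshd's message for a rejected password, for existing and unknown accounts.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def find_bans(lines, year=2011):
    """Return {ip: (banned_at, banned_until)} for IPs reaching MAX_RETRY."""
    recent = defaultdict(deque)    # ip -> failure times still inside FIND_TIME
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue               # accepted logins and other messages are ignored
        # syslog timestamps carry no year, so the caller supplies one (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in bans and ts < bans[ip][1]:
            continue               # still banned; a firewall rule would drop this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()       # forget failures older than the window
        if len(window) >= MAX_RETRY:
            bans[ip] = (ts, ts + BAN_TIME)
            window.clear()
    return bans

# Constructed sample lines (documentation-range addresses, not real data).
SAMPLE_LOG = """\
Oct 29 03:11:02 home sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 29 03:11:05 home sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 40130 ssh2
Oct 29 03:11:09 home sshd[2105]: Failed password for invalid user smbuser from 203.0.113.7 port 40141 ssh2
Oct 29 09:00:00 home sshd[2300]: Failed password for dev from 198.51.100.20 port 51000 ssh2
Oct 29 09:30:00 home sshd[2310]: Failed password for dev from 198.51.100.20 port 51020 ssh2
Oct 29 09:30:10 home sshd[2311]: Accepted publickey for dev from 198.51.100.20 port 51022 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} from {start} until {end}")
```

The second address is not banned: its two failures are 30 minutes apart, so the first has aged out of the counting window by the time the second arrives.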

0

Unfortunately, SSH brute-forcing attempts are a fact of the Internet. If you have an open SSH port, automatic scanning will find it, and start grinding against it.

SSH HoneyPot password stats (source)

Short of installing DenyHosts, there isn't much you can do about it other than make sure that any passwords you have are long and complex, and force public-key auth where possible. Your SSH logs will still be full of invalid login attempts, but they won't be able to get anywhere.

2
  • 1. Is there a way to block SSH to certain IP ranges? 2. When I enabled public-key auth before and logged in from another computer, it was still possible with the right username and password. Is it possible to allow public-key auth only?
    – user103378
    Commented Oct 29, 2011 at 12:58
  • @lee: I set my sshd to pubkey-only and no root login. But I'm about to install sshguard to keep them from trying, not only ssh but www too. sshguard.net
    – ott--
    Commented Oct 29, 2011 at 15:19
