32
Spent 3 hours trying to figure out why my home server kept getting weird login attempts
I set up a simple web server on an old laptop to host a project. After a week, I checked the logs and saw hundreds of failed SSH login tries from random IPs. I thought my password was weak, so I changed it, but they kept coming. I finally realized I had left the default SSH port 22 open to the internet. Changing it to a different port, like 2222, in the config file and updating my firewall rules stopped all the noise immediately. Anyone else have a simple port change fix a security headache?
4 comments
Log in to join the discussion
Log In4 Comments
the_taylor2mo ago
My old Raspberry Pi was getting hammered with attempts every day. Swapping from port 22 to something random like 4821 made the log files completely clean overnight. It's the easiest first line of defense.
8
averyc942mo ago
Easiest first line" feels like security theater, jenny_white21.
5
jenny_white212mo ago
My friend had the same thing, port change saved him.
2
My buddy's ISP blocks nonstandard ports on residential plans so switching to 4821 would have cut him off completely. Port knocking with a proper firewall rule on 22 stopped the bots just as well without breaking his ISP terms.
3