• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Question Stop SSH Port Scanning

pr0tax

New Pleskian
I've been monitoring my server logs (the realtime log browser) and even though my HW firewall is setup to only permit access to a particular set of ports (ie: apache/nginx/ftp) etc. I still see a constant stream of bots/ips/servers trying to access SSH on my server and being unsuccessful.

I use a custom SSH port, so not the default 22 or 2222. However, I am getting tired of seeing the relentless port scans, in particular SSH scans on random ports so I first looked up port knocking, I was close to installing and configuring it but a few articles put me off.

Instead, I thought, maybe I could just be absolutely hardcore and lifetime ban ANY ip address that tries to access SSH through *any* port number that isn't my custom one.

My question is, I'm not overly familiar with iptables in fail2ban, so I ChatGPT'd it and I just wanted some guidance and advice before I proceed to try it. I also want advice on whether this is a good move to do. I am fully aware of my custom port number, so there's not really any chance of me locking myself out.

TIA.
 
Back
Top