• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Question Stop SSH Port Scanning

pr0tax

New Pleskian
I've been monitoring my server logs (the realtime log browser) and even though my HW firewall is setup to only permit access to a particular set of ports (ie: apache/nginx/ftp) etc. I still see a constant stream of bots/ips/servers trying to access SSH on my server and being unsuccessful.

I use a custom SSH port, so not the default 22 or 2222. However, I am getting tired of seeing the relentless port scans, in particular SSH scans on random ports so I first looked up port knocking, I was close to installing and configuring it but a few articles put me off.

Instead, I thought, maybe I could just be absolutely hardcore and lifetime ban ANY ip address that tries to access SSH through *any* port number that isn't my custom one.

My question is, I'm not overly familiar with iptables in fail2ban, so I ChatGPT'd it and I just wanted some guidance and advice before I proceed to try it. I also want advice on whether this is a good move to do. I am fully aware of my custom port number, so there's not really any chance of me locking myself out.

TIA.
 
Back
Top