Many attempts at accessing root on my server

Chalkie
Junior Member
Posts: 3
Joined: 06 Apr 2013, 16:09

Post by Chalkie »

Hi there,

About a week ago I purchased a VPS with cPanel. On the recommendation of the VPS company, I installed CSF.

Since then I have been receiving around 20-30 emails an hour telling me someone has failed to log in to my cPanel.

Here is an example of the email:
Time: Wed Nov 1 14:15:11 2017 +0000
IP: 46.188.117.147 (RU/Russian Federation/broadband-46-188-117-147.2com.net)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked: Permanent Block

Log entries:

Nov 1 13:46:44 vps sshd[5271]: Invalid user user from 46.188.117.147 port 63241
Nov 1 13:46:47 vps sshd[5271]: Failed password for invalid user user from 46.188.117.147 port 63241 ssh2
Nov 1 13:46:49 vps sshd[5271]: Failed password for invalid user user from 46.188.117.147 port 63241 ssh2
Nov 1 13:46:52 vps sshd[5271]: Failed password for invalid user user from 46.188.117.147 port 63241 ssh2
Nov 1 14:15:11 vps sshd[7827]: Invalid user admin from 46.188.117.147 port 63241

Is it normal to receive this many?

Do you have any recommendations on ways to make sure my VPS remains secure?

Many thanks
Adam
UWH-David
Junior Member
Posts: 26
Joined: 04 Nov 2017, 02:26

Re: Many attempts at accessing root on my server

Post by UWH-David »

Absolutely normal and why csf's brute force defense protection is such an asset.

I recommend enabling some of the csf blocklists in the csf.blocklists file. Many block Russia altogether via the country block section of the config.
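
Added example, not part of the original posts and not lfd's own code: the Python below counts sshd failures per source IP in a sliding window, using the values from the alert email in the first post (5 failures, 3600 seconds). It assumes every `Invalid user` or `Failed password` line counts as one failure; the function name, the regex and the 203.0.113.9 log line are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Log entries from the alert email above, plus one constructed line
# (203.0.113.9, a documentation address) that stays under the threshold.
SAMPLE_LOG = """\
Nov 1 13:46:44 vps sshd[5271]: Invalid user user from 46.188.117.147 port 63241
Nov 1 13:46:47 vps sshd[5271]: Failed password for invalid user user from 46.188.117.147 port 63241 ssh2
Nov 1 13:46:49 vps sshd[5271]: Failed password for invalid user user from 46.188.117.147 port 63241 ssh2
Nov 1 13:46:52 vps sshd[5271]: Failed password for invalid user user from 46.188.117.147 port 63241 ssh2
Nov 1 13:50:02 vps sshd[5300]: Failed password for root from 203.0.113.9 port 50022 ssh2
Nov 1 14:15:11 vps sshd[7827]: Invalid user admin from 46.188.117.147 port 63241
"""

# sshd messages counted as one failure each (assumption for this example).
FAILURE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Invalid user \S* from|Failed password for (?:invalid user )?\S* from) "
    r"(?P<ip>[0-9a-fA-F.:]+) port \d+"
)

def find_offenders(log_text, threshold=5, interval=3600, year=2017):
    """Return {ip: time the threshold was reached} for every IP with at
    least `threshold` failures inside an `interval`-second sliding window."""
    window = timedelta(seconds=interval)
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILURE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the interval
            q.popleft()
        if len(q) >= threshold and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```

On the sample, the threshold is reached at 14:15:11, the same time the alert email reports.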