I feel I must be missing something obvoius.
In Control Panel / Terminal & SNMP I have SSH disabled.
I have rsync enabled, but the SSH encryption port is set to a high obscure number.
My connection log in Log Center shows a constant barrage of "User [root] from [random constantly changing IP address] failed to log in via [SSH] due to authorization failure."
How is the attacker even getting to the point of an authorization failure if SSH is disabled?
The machine, which is in a colocation center, must be open to the internet to some extent, as it's running a mail server, and because my NAS's at home back up to it using hyperbackup.
Is there anything I can do to stop these login attempts via SSH? Or am I misunderstanding what's going on?
In Control Panel / Terminal & SNMP I have SSH disabled.
I have rsync enabled, but the SSH encryption port is set to a high obscure number.
My connection log in Log Center shows a constant barrage of "User [root] from [random constantly changing IP address] failed to log in via [SSH] due to authorization failure."
How is the attacker even getting to the point of an authorization failure if SSH is disabled?
The machine, which is in a colocation center, must be open to the internet to some extent, as it's running a mail server, and because my NAS's at home back up to it using hyperbackup.
Is there anything I can do to stop these login attempts via SSH? Or am I misunderstanding what's going on?