Rubik
Intern
Intern
  • UID8266
  • Fans0
  • Follows0
  • Posts3
Reads:12713Replies:4

Unidentified SSH connections

Created#
More Posted time:Nov 30, 2019 18:43 PM
Hello,


I recently signed up for a Linux ECS a couple of weeks ago. I have now noticed by issuing "netstat atp | grep ss" to see active ssh connections with ip, I can see ssh connections from unauthorized ip's. This has raise a serious security concern for me. I have changed my default login/password and am using pub key authentication from the beginning. I notice these ssh connections multiple times a day ! I started blacklisting the the IP's but it changed it's IP and continue to login. I have done a whoisIP to see where they are from and it's originating from China.


Are these truely authorized access/hacked ?

Latest likes:

wedhuswedhus

Rubik
Intern
Intern
  • UID8266
  • Fans0
  • Follows0
  • Posts3
1st Reply#
Posted time:Dec 2, 2019 14:56 PM
Thanks for your reponse. I have already contacted alibaba support and they can neither confirm nor deny it is them or their service. They just asked me to block the IP's if required, which i have done. The behaviour is very suspecious, as soon as I started blocking IP's, a new IP is used to login . This has continue for the past couple of days. ALL ip's was trace to originate from China location. I was thinking of only allowing my subnet to login, however , the standard SSH port 22 cannot be modified from the console panel and is greyed out.


When a new machine is created on Alibaba, it is possibie is that someone else knows the default password ?
Guest