nextcloud 11 after upgrade
Https enabled
Strict Https enabled
ubuntu server 16.04
Ufw enabled with apache and ssh
so here is something I was not expecting. I checked the auth.log and I see login attempt after login attempt from several different IP addresses and they all come from China so far. There are MANY login attempts from each IP address.
This is what I get
Dec 21 00:14:00 ubuntu sshd[8257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.1$
Dec 21 00:14:01 ubuntu sshd[8257]: Failed password for root from 218.65.30.124 port 50235 ssh2
Dec 21 00:14:07 ubuntu sshd[8257]: message repeated 2 times: [ Failed password for root from 218.65.30.124 port 50235 ssh2]
Dec 21 00:14:08 ubuntu sshd[8259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.$
Dec 21 00:14:10 ubuntu sshd[8257]: Failed password for root from 218.65.30.124 port 50235 ssh2
Dec 21 00:14:10 ubuntu sshd[8259]: Failed password for root from 58.218.199.182 port 60398 ssh2
Dec 21 00:14:12 ubuntu sshd[8257]: Failed password for root from 218.65.30.124 port 50235 ssh2
Dec 21 00:14:12 ubuntu sshd[8259]: Failed password for root from 58.218.199.182 port 60398 ssh2
Dec 21 00:14:14 ubuntu sshd[8259]: Failed password for root from 58.218.199.182 port 60398 ssh2
Dec 21 00:14:15 ubuntu sshd[8257]: Failed password for root from 218.65.30.124 port 50235 ssh2
Dec 21 00:14:15 ubuntu sshd[8257]: error: maximum authentication attempts exceeded for root from 218.65.30.124 port 50235 ssh2 [preaut$
Dec 21 00:14:15 ubuntu sshd[8257]: Disconnecting: Too many authentication failures [preauth]
Dec 21 00:14:15 ubuntu sshd[8257]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.124 user=$
Dec 21 00:14:15 ubuntu sshd[8257]: PAM service(sshd) ignoring max retries; 6 > 3
Dec 21 00:14:15 ubuntu sshd[8259]: Received disconnect from 58.218.199.182 port 60398:11: [preauth]
Dec 21 00:14:15 ubuntu sshd[8259]: Disconnected from 58.218.199.182 port 60398 [preauth]
Dec 21 00:14:15 ubuntu sshd[8259]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 user$
Dec 21 00:14:20 ubuntu sshd[8261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.1$
Dec 21 00:14:22 ubuntu sshd[8261]: Failed password for root from 218.65.30.124 port 16010 ssh2
Dec 21 00:14:48 ubuntu sshd[8261]: message repeated 5 times: [ Failed password for root from 218.65.30.124 port 16010 ssh2]
Dec 21 00:14:48 ubuntu sshd[8261]: error: maximum authentication attempts exceeded for root from 218.65.30.124 port 16010 ssh2 [preaut$
Dec 21 00:14:48 ubuntu sshd[8261]: Disconnecting: Too many authentication failures [preauth]
Dec 21 00:14:48 ubuntu sshd[8261]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.124 user=$
Dec 21 00:14:48 ubuntu sshd[8261]: PAM service(sshd) ignoring max retries; 6 > 3
Dec 21 00:14:54 ubuntu sshd[8263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.$
Dec 21 00:14:55 ubuntu sshd[8265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.1$
Dec 21 00:14:56 ubuntu sshd[8263]: Failed password for root from 58.218.199.182 port 19671 ssh2
Dec 21 00:14:56 ubuntu sshd[8263]: Received disconnect from 58.218.199.182 port 19671:11: [preauth]
Dec 21 00:14:56 ubuntu sshd[8263]: Disconnected from 58.218.199.182 port 19671 [preauth]
Dec 21 00:14:56 ubuntu sshd[8265]: Failed password for root from 218.65.30.124 port 7953 ssh2
Dec 21 00:15:11 ubuntu sshd[8265]: message repeated 5 times: [ Failed password for root from 218.65.30.124 port 7953 ssh2]
Dec 21 00:15:11 ubuntu sshd[8265]: error: maximum authentication attempts exceeded for root from 218.65.30.124 port 7953 ssh2 [preauth]
Dec 21 00:15:11 ubuntu sshd[8265]: Disconnecting: Too many authentication failures [preauth]
Dec 21 00:15:11 ubuntu sshd[8265]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.124 user=$
Dec 21 00:15:11 ubuntu sshd[8265]: PAM service(sshd) ignoring max retries; 6 > 3
Dec 21 00:15:25 ubuntu sshd[8269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.$
Dec 21 00:15:27 ubuntu sshd[8269]: Failed password for root from 58.218.199.182 port 61976 ssh2
Dec 21 00:15:35 ubuntu sshd[8269]: Failed password for root from 58.218.199.182 port 61976 ssh2
Dec 21 00:15:35 ubuntu sshd[8269]: Received disconnect from 58.218.199.182 port 61976:11: [preauth]
Dec 21 00:15:35 ubuntu sshd[8269]: Disconnected from 58.218.199.182 port 61976 [preauth]
Dec 21 00:15:35 ubuntu sshd[8269]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 user=$
Dec 21 00:16:07 ubuntu sshd[8272]: Received disconnect from 58.218.199.182 port 60230:11: [preauth]
Dec 21 00:16:07 ubuntu sshd[8272]: Disconnected from 58.218.199.182 port 60230 [preauth]
Dec 21 00:16:39 ubuntu sshd[8276]: Connection reset by 58.218.199.182 port 23047 [preauth]
Dec 21 00:17:01 ubuntu CRON[8279]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 21 00:34:58 ubuntu sshd[8649]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 u$
Dec 21 00:35:44 ubuntu sshd[8651]: Connection closed by 58.218.199.182 port 20803 [preauth]
Dec 21 00:35:57 ubuntu sshd[8653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:35:59 ubuntu sshd[8653]: Failed password for root from 58.218.199.182 port 24485 ssh2
Dec 21 00:36:04 ubuntu sshd[8653]: Failed password for root from 58.218.199.182 port 24485 ssh2
Dec 21 00:36:04 ubuntu sshd[8653]: Received disconnect from 58.218.199.182 port 24485:11: [preauth]
Dec 21 00:36:04 ubuntu sshd[8653]: Disconnected from 58.218.199.182 port 24485 [preauth]
Dec 21 00:36:04 ubuntu sshd[8653]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 us$
Dec 21 00:36:32 ubuntu sshd[8655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:36:34 ubuntu sshd[8655]: Failed password for root from 58.218.199.182 port 12977 ssh2
Dec 21 00:36:39 ubuntu sshd[8655]: message repeated 2 times: [ Failed password for root from 58.218.199.182 port 12977 ssh2]
Dec 21 00:36:41 ubuntu sshd[8655]: Received disconnect from 58.218.199.182 port 12977:11: [preauth]
Dec 21 00:36:41 ubuntu sshd[8655]: Disconnected from 58.218.199.182 port 12977 [preauth]
Dec 21 00:36:41 ubuntu sshd[8655]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 u$
Dec 21 00:37:08 ubuntu sshd[8657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:37:11 ubuntu sshd[8657]: Failed password for root from 58.218.199.182 port 60504 ssh2
Dec 21 00:37:16 ubuntu sshd[8657]: message repeated 2 times: [ Failed password for root from 58.218.199.182 port 60504 ssh2]
Dec 21 00:37:17 ubuntu sshd[8657]: Received disconnect from 58.218.199.182 port 60504:11: [preauth]
Dec 21 00:37:17 ubuntu sshd[8657]: Disconnected from 58.218.199.182 port 60504 [preauth]
Dec 21 00:37:17 ubuntu sshd[8657]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 u$
Dec 21 00:37:46 ubuntu sshd[8659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:37:48 ubuntu sshd[8659]: Failed password for root from 58.218.199.182 port 10473 ssh2
Dec 21 00:37:53 ubuntu sshd[8659]: message repeated 2 times: [ Failed password for root from 58.218.199.182 port 10473 ssh2]
Dec 21 00:37:53 ubuntu sshd[8659]: Received disconnect from 58.218.199.182 port 10473:11: [preauth]
Dec 21 00:37:53 ubuntu sshd[8659]: Disconnected from 58.218.199.182 port 10473 [preauth]
Dec 21 00:37:53 ubuntu sshd[8659]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 u$
Dec 21 00:38:24 ubuntu sshd[8661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:38:26 ubuntu sshd[8661]: Failed password for root from 58.218.199.182 port 18155 ssh2
Dec 21 00:38:30 ubuntu sshd[8661]: message repeated 2 times: [ Failed password for root from 58.218.199.182 port 18155 ssh2]
Dec 21 00:38:31 ubuntu sshd[8661]: Received disconnect from 58.218.199.182 port 18155:11: [preauth]
Dec 21 00:38:31 ubuntu sshd[8661]: Disconnected from 58.218.199.182 port 18155 [preauth]
Dec 21 00:38:31 ubuntu sshd[8661]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 u$
Dec 21 00:39:01 ubuntu CRON[8665]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 21 00:39:02 ubuntu CRON[8665]: pam_unix(cron:session): session closed for user root
Dec 21 00:39:03 ubuntu sshd[8663]: Connection reset by 58.218.199.182 port 16115 [preauth]
Dec 21 00:39:35 ubuntu sshd[8707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:39:36 ubuntu sshd[8707]: Failed password for root from 58.218.199.182 port 12765 ssh2
Dec 21 00:39:42 ubuntu sshd[8707]: message repeated 2 times: [ Failed password for root from 58.218.199.182 port 12765 ssh2]
Dec 21 00:39:43 ubuntu sshd[8707]: Received disconnect from 58.218.199.182 port 12765:11: [preauth]
Dec 21 00:39:43 ubuntu sshd[8707]: Disconnected from 58.218.199.182 port 12765 [preauth]
Dec 21 00:39:43 ubuntu sshd[8707]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 u$
Dec 21 00:40:16 ubuntu sshd[8710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:40:18 ubuntu sshd[8710]: Failed password for root from 58.218.199.182 port 24133 ssh2
Dec 21 00:40:18 ubuntu sshd[8710]: Received disconnect from 58.218.199.182 port 24133:11: [preauth]
Dec 21 00:40:18 ubuntu sshd[8710]: Disconnected from 58.218.199.182 port 24133 [preauth]
Dec 21 00:40:18 ubuntu sshd[8710]: Received disconnect from 58.218.199.182 port 24133:11: [preauth]
Dec 21 00:40:18 ubuntu sshd[8710]: Disconnected from 58.218.199.182 port 24133 [preauth]
Dec 21 00:40:55 ubuntu sshd[8712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:40:58 ubuntu sshd[8712]: Failed password for root from 58.218.199.182 port 64155 ssh2
Dec 21 00:40:58 ubuntu sshd[8712]: Received disconnect from 58.218.199.182 port 64155:11: [preauth]
Dec 21 00:40:58 ubuntu sshd[8712]: Disconnected from 58.218.199.182 port 64155 [preauth]
Dec 21 00:41:19 ubuntu sshd[8714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:41:21 ubuntu sshd[8714]: Failed password for root from 58.218.199.182 port 23859 ssh2
Dec 21 00:41:25 ubuntu sshd[8714]: message repeated 2 times: [ Failed password for root from 58.218.199.182 port 23859 ssh2]
Dec 21 00:41:27 ubuntu sshd[8714]: Received disconnect from 58.218.199.182 port 23859:11: [preauth]
Dec 21 00:41:27 ubuntu sshd[8714]: Disconnected from 58.218.199.182 port 23859 [preauth]
Dec 21 00:41:27 ubuntu sshd[8714]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 u$
Dec 21 00:41:54 ubuntu sshd[8720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:41:56 ubuntu sshd[8720]: Failed password for root from 58.218.199.182 port 27659 ssh2
Dec 21 00:42:03 ubuntu sshd[8720]: Failed password for root from 58.218.199.182 port 27659 ssh2
Dec 21 00:42:03 ubuntu sshd[8720]: Connection reset by 58.218.199.182 port 27659 [preauth]
Dec 21 00:42:03 ubuntu sshd[8720]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.199.182 us$
Dec 21 00:42:49 ubuntu sshd[8725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.1$
Dec 21 00:42:51 ubuntu sshd[8725]: Failed password for root from 58.218.199.182 port 38912 ssh2
Dec 21 00:42:51 ubuntu sshd[8725]: Received disconnect from 58.218.199.182 port 38912:11: [preauth]
Dec 21 00:42:51 ubuntu sshd[8725]: Disconnected from 58.218.199.182 port 38912 [preauth]
Dec 21 00:43:43 ubuntu sshd[8730]: Did not receive identification string from 58.218.199.182
I do not know what to do about this. I do not have failban installed and dont know how to set that up. I also have not messed with IPtables and also not familiar with that at all either.
I should probably update my ssh password or password for my root account and my user account.
What is the best thing to do in this situation?
Thanks.