I recently migrated to a new host, a VPS solution. From day one, I started getting WHM/cPanel notifications of brute force attack attempts via root on the main account, 3-4 times per day. I know this is more and more typical in general, but…
My question is whether or not it's typical and/or something to be concerned about when it happens on a brand new server?
Note: I'm not asking how to defend against brute force attacks (e.g., using strong passwords and possibly removing ssh access by password authentication).
Best Answer
If a server's IP is accessible to the internet, it'll see attacks. Worms etc. crawl the publicly available IP space for victims, and on a VPS host there's a good chance your IP was another known server until recently.
Installing fail2ban or denyhosts to block brute force attempts is a pretty common step.