SSH Brute Attack


(Ka Wo Cheung) #1

It’s reported that one of my server involved in SSH Brute Attack and CW suspended the service.
What can I do to figure out which is the suspect?

Thanks a lot.


(Abdul rauf) #2

Hi,

Please be informed that SSH has been successfully enabled on your host node however; we request you to please scan your applications to check and remove the malicious code from your applications, You have 36 applications hosted on 2GB server. There are free tools available like wordfence which you can enable in your applications to scan for the malicious code. But for deep analysis, I would suggest you to give Sucuri a try with the help of this knowledge base https://support.cloudways.com/how-to-set-up-sucuri-antivirus-website-monitoring/?utm_source=Platformkb&utm_medium=kbsearch and prevent your’s and other hosts from these kind of attacks.

Kind Regards.


(Ka Wo Cheung) #3

Do we have a deadline for the check? I have arranged resource to check.