My server is currently being attacked from another server. This is my log:
root@my-server:/var/log# tail -f auth.log
Feb 19 11:53:08 my-server sshd[3745]: Disconnecting: Too many authentication failures for root [preauth]
Feb 19 11:53:08 my-server sshd[3745]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.32.114.181 user=root
Feb 19 11:53:08 my-server sshd[3745]: PAM service(sshd) ignoring max retries; 6 > 3
Feb 19 11:53:39 my-server sshd[3747]: Address 125.32.114.181 maps to 181.114.32.125.adsl-pool.jlccptt.net.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 11:53:41 my-server sshd[3747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.32.114.181 user=root
Feb 19 11:53:44 my-server sshd[3747]: Failed password for root from 125.32.114.181 port 1680 ssh2
Feb 19 11:53:57 sshd[3747]: last message repeated 5 times
Feb 19 11:53:57 my-server sshd[3747]: Disconnecting: Too many authentication failures for root [preauth]
Feb 19 11:53:57 my-server sshd[3747]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.32.114.181 user=root
Feb 19 11:53:57 my-server sshd[3747]: PAM service(sshd) ignoring max retries; 6 > 3
What are the first steps to prevent this type of attack?