Security settings to confirm first on a VPS or similar server

Source: Internet  Editor: 程序博客网  Time: 2024/06/06 16:35

For the details of each step, search Google or Baidu.

1. Change the SSH port. On the default port 22 the server gets scanned constantly.

2. Create a separate user and grant it sudo rights, or switch to the root user each time root privileges are needed.

3. Disable SSH login for the root user.

4. Add a scheduled script to crontab that blocks the IPs brute-forcing passwords. The script is below; it was taken from the web:

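#!/bin/bash
# Count failed logins per source IP and write "ip=count" pairs to /root/black.txt
cat /var/log/auth.log | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2"="$1;}' > /root/black.txt
# An IP is blocked once it has more than this many failures
DEFINE="5"
for i in `cat /root/black.txt`
do
  IP=`echo "$i" | awk -F= '{print $1}'`
  NUM=`echo "$i" | awk -F= '{print $2}'`
  if [ "$NUM" -gt "$DEFINE" ]; then
    # Whole-line, fixed-string match so 1.2.3.4 is not mistaken for 1.2.3.45
    grep -xF "sshd:$IP:deny" /etc/hosts.deny > /dev/null
    if [ $? -gt 0 ]; then
      # hosts.deny only takes effect when sshd is built with TCP wrappers support
      echo "sshd:$IP:deny" >> /etc/hosts.deny
    fi
  fi
done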

Add a crontab entry that runs this script once every minute:

*/1 * * * *  sh /root/secure_ssh.sh
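
An added example, not part of the original post or its source script: a stricter take on the counting and blocking steps in item 4. It counts only sshd password failures, accepts only IPv4-shaped values, skips an allowlist, and matches existing deny entries as whole lines. The function names, the allowlisted address and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
THRESHOLD=5                 # same limit as DEFINE in the script above
ALLOWLIST="203.0.113.10"    # hypothetical admin address that must never be blocked

# Print "ip count" for each source with more than THRESHOLD sshd password failures.
# Assumption: IPv4 only; anything that is not a dotted quad is ignored.
offenders() {   # $1 = auth log
  awk -v max="$THRESHOLD" -v allow="$ALLOWLIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    / sshd\[[0-9]+\]: Failed password for / {
      ip = $(NF-3)
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # never write free text to hosts.deny
      if (ip in skip) next                                  # do not lock the admin out
      count[ip]++
    }
    END { for (ip in count) if (count[ip] > max) print ip, count[ip] }
  ' "$1" | sort
}

# Append a deny line for each offender unless that exact line already exists.
block() {   # $1 = auth log, $2 = deny file
  offenders "$1" | while read -r ip rest; do
    line="sshd:$ip:deny"
    grep -qxF "$line" "$2" 2>/dev/null || echo "$line" >> "$2"
  done
}

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
  for i in 1 2 3 4 5 6; do
    echo "Jun  6 16:3$i:01 vps sshd[10$i]: Failed password for root from 198.51.100.7 port 4000$i ssh2"
    echo "Jun  6 16:3$i:02 vps sshd[20$i]: Failed password for invalid user admin from 203.0.113.10 port 4100$i ssh2"
    echo "Jun  6 16:3$i:03 vps systemd[1]: Failed to start demo.service unit now."
  done
  echo "Jun  6 16:40:00 vps sshd[300]: Failed password for root from 192.0.2.55 port 42000 ssh2"
}

# Usage on a server: block /var/log/auth.log /etc/hosts.deny
```

In the sample, only 198.51.100.7 is reported: the allowlisted address is skipped, 192.0.2.55 is under the threshold, and the systemd line is not an sshd failure.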

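Here are the IPs that attacked my server within a single day, for reference only. They can be added to /etc/hosts.deny; for the exact format, see online references or the script above. The number after each IP is the failure count.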

