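For a VPS or similar server, check the security configuration first

The details of each step can be looked up on Google or Baidu.

1. Change the SSH port; the default port 22 gets scanned constantly.

2. Create a separate user and grant it sudo rights, or switch to the root user each time root privileges are needed.

3. Disable SSH login for the root user.

4. Add a scheduled script to crontab that blocks the IPs brute-forcing passwords. The script is below; it comes from the web: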

#!/bin/bash
# Count failed logins per source address; each line of black.txt is "IP=count".
awk '/Failed/{print $(NF-3)}' /var/log/auth.log | sort | uniq -c | awk '{print $2"="$1}' > /root/black.txt
DEFINE=5   # block an address once its failure count exceeds this
while IFS='=' read -r IP NUM
do
  if [ "$NUM" -gt "$DEFINE" ]; then
    # Add the entry only if this exact line is not already in hosts.deny
    if ! grep -qxF "sshd:$IP:deny" /etc/hosts.deny; then
      echo "sshd:$IP:deny" >> /etc/hosts.deny
    fi
  fi
done < /root/black.txt

Add an entry to crontab that runs this script once a minute:

*/1 * * * *  sh /root/secure_ssh.sh
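An added example, not part of the original post or the script it quotes: a stricter version of the log parsing step. It locates the source address by its "from ... port" position instead of a fixed field offset (a "Failed publickey" line carries trailing key text, so `$(NF-3)` yields the port number there), validates that the value is an IPv4 address, and counts syslog "message repeated N times" lines in full. The function names, `THRESHOLD` and the sample log lines are constructed for illustration; IPv6 sources are skipped.

```bash
#!/bin/bash
# Added example, not the original script. Function names are hypothetical.
THRESHOLD=5   # same cut-off as DEFINE in the script above

# Constructed sample lines in auth.log format (documentation-range addresses).
sample_log() {
  for i in 1 2 3 4; do
    echo "Mar  1 10:00:0$i vps sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2"
  done
  cat <<'EOF'
Mar  1 10:00:05 vps sshd[101]: message repeated 3 times: [ Failed password for root from 203.0.113.5 port 4001 ssh2]
Mar  1 10:01:00 vps sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 5000 ssh2
Mar  1 10:02:00 vps sshd[103]: Failed publickey for root from 192.0.2.9 port 6000 ssh2: RSA SHA256:CONSTRUCTED
Mar  1 10:03:00 vps sshd[104]: Accepted password for alice from 192.0.2.50 port 7000 ssh2
EOF
}

# failed_counts: read auth.log lines on stdin, print "ip count" per source.
failed_counts() {
  awk '
    / sshd\[[0-9]+\]: / && / Failed [^ ]+ for / {
      ip = ""
      # Scan from the end: the user name is remote-supplied text, so only the
      # last "from <addr> port <n>" group is trusted as the source address.
      for (i = NF - 1; i > 2; i--)
        if ($i == "port" && $(i - 2) == "from") { ip = $(i - 1); break }
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      split(ip, o, ".")
      if (o[1]+0 > 255 || o[2]+0 > 255 || o[3]+0 > 255 || o[4]+0 > 255) next
      n = 1   # syslog may collapse duplicates into one "repeated N times" line
      if (match($0, /message repeated [0-9]+ times/))
        n = substr($0, RSTART + 17, RLENGTH - 23) + 0
      count[ip] += n
    }
    END { for (ip in count) print ip, count[ip] }
  ' | LC_ALL=C sort
}

# deny_entries: print a hosts.deny line for each address over THRESHOLD.
deny_entries() {
  failed_counts | awk -v t="$THRESHOLD" '$2 > t { print "sshd:" $1 ":deny" }'
}

# Demo run; on a server, feed /var/log/auth.log to deny_entries instead.
sample_log | deny_entries
```

Before appending the output to /etc/hosts.deny, check that your own management address is not in it.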

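Here are the IPs that attacked my server within a single day, for reference only. They can be added to /etc/hosts.deny; for the exact format, see the web or the script above. The number after each IP is its count of failed attempts.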

