I'm very new to having admin duties for web hosting, having signed up for a VPS without realizing all the extra things I would have to learn. One thing I've been concerned with is security since as of right now it is way over my head. I went in and did what I could to protect myself, one was limiting login attempts and being notified by email if someone was trying to log in and failing. This morning I got one of those emails that said the IP trying to log in was originating from China. Does this mean someone was trying to hack my site? Or could it have been some sort of site crawler?
If the login attempts were over the SSH protocol, there are some kind of scripts moving around on the net trying to login with SSH using common usernames and passwords on all kinds of computers. Nothing to worry about, if you have good passwords.
As already mentioned above, this is nothing to worry about. Use good (complex) passwords. There are always attempts to login using SSH, sometimes brute force attacks but denyhost or similar applications should solve it. You can also limit SSH access to your ip address only (in case it is static) in iptables.
Research is essential Those " scripts " are actually bots, trojans that are running on other infected computers and / OR it is a chinease hacker who is using a proxy, and running a port scanner or SSH scanner. Basically they check for passwords that are weak, insecure versions of daemons - SSH, FTP, HTTP. These bots, even if you have anonymous upload enabled can upload a simple script in a matter of miliseconds and then they can execute the code from the web browser once the script has been uploaded via anonymous ftp - then boom, there goes your security as an RFI can then be completed and there goes your whole site
use boot system to save your page or site i have see many site has been hacked by TURKISH hackers so you should take care also use captcha system