A common port
21:FTP Service Default Port
22:SSH Remote Connection default port, will not be remote after shutdown
80:WWW services, such as the default port for Apache or Nginx
3306:mysql Remote Connection port
b Modify the SSH port
1. Modify the Port field in the/etc/ssh/sshd_config
Port 22 changed to port 1000 (your custom ports)
2. Restart the SSHD service
#sudo Service sshd Restart
If the Debian or Ubuntu system is used
#sudo Service SSH Restart
If you have a firewall turned on, you need to release the remote port on the wall so that you don't have to modify the port to be remote.
C: The problem of chicken-type troubleshooting ideas
(1) Use the last command to view the recent login account records of the server, or to view the /var/log/secure log, if there is a user other than root login,
Check/etc/passwd This file to see if there is an unusual account, or use the command "usermod-l user name" to disable the user or use the order "Userdel-r username" to delete the /c3>
Under User
(2) Check the server internal account (such as Administrator account, MySQL account, SQL Server account, FTP account) is the simple password settings, too simple password is easy to hack,
Please set the password to a more complex exception port.
See Next/etc/rc.local whether there is an unusual item in this file, some comments out;
The logon server uses the Ps-aux command to see if there is an exception process, which can be closed with the kill command
What to do if you find an unauthorized login
If you are concerned about illegal users breaking into the system, the simplest way is to use the W command to check.
If you really see an illegal user on your system, you can kill his process immediately.
Change his password to "*" with the VI/ETC/PASSWD command, or change the shell to/sbin/nologin
Use the W command to view the user's TTY number, then use the Fuser-k tty (or show pts/*) to kick the
That is, first use the W command to view the online users, and then pkill-kill-t tty such as Pkill-kill-t PTS/1
Ubuntu Security Issues