All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Contabo VPS Default SSH Password Authentication Creates Security Vulnerabilities

By

ddxv

8mo ago· 2 min readenInsight
Bagel score 65 of 100
65/100
Toasty
Bagelometer

Reliable enough to start your morning with. Toast it again tomorrow.

Score65TypeanalysisSentimentnegative

Summary

The article criticizes Contabo VPS for default security practices that enable password-based SSH logins instead of public key authentication. The author shares their experience with a new server receiving 350 failed password login attempts per hour, demonstrating how this default configuration makes servers vulnerable to brute force attacks. The article highlights that while Contabo offers the option to use SSH keys, it's not the default setting, putting less technical users at risk.

Key quotes

· 3 pulled
Contabo's default VPS creation seems to be root user and password?
Our new server, that barely any bot knows exists, already gets 350 failed password login attempts an hour.
Worse, these bots can see that password login is enabled on our server, meaning they know they should keep trying.
Snippet from the RSS feed
I recently started helping a less technical friend and had my first chance to see/use Contabo VPS. I’ve been really surprised at their default security practices so far.

You might also wanna read

Building a Vulnerable SSH Lab to Learn Real-World Attack Techniques

This article guides readers through setting up and using VulnSSH, a purposely insecure SSH environment inside a local pentest lab, to learn

infosecwriteups.com·1d ago