Brute Force Warning

I hired a third party to manage my server, and it seems like every day I get an e-mail giving me a Brute Force Warning for my server. Is this normal?

Yes, it is probably normal, because a publicly exposed website is expected to be under everlasting attack. You have to correlate data over time to see if on a particular day you got a suspiciously high number of brute-force attempts.

Sometimes I get as many as 4 per day. Is this too much?

And does the alert say that someone has tried to guess a password? Or is it a summary that there have been several hundred attempts? If you get an e-mail for each attempt, then you probably need to ask your provider to send you just a summary per day, or an alert when the number of attempts passes some threshold (say, more than 3 attempts per 10 minutes).

If they haven’t already, you could get the third party to install something of the nature of fail2ban, and also change the ports of common services to different ones to reduce the number of spurious login attempts.

Here is what I got:

SOURCE ADDRESS: 180.139.138.178
TARGET SERVICE: sshd
FAILED LOGINS: 20
EXECUTED COMMAND: /etc/apf/apf -d 180.139.138.178 {bfd.sshd}

SOURCE LOGS FROM SERVICE ‘sshd’ (GMT -0500):

Nov 2 17:55:16 host sshd[31009]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:55:18 host sshd[31016]: Invalid user oracle from 180.139.138.178
Nov 2 17:55:18 host sshd[31016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178
Nov 2 17:55:20 host sshd[31016]: Failed password for invalid user oracle from 180.139.138.178 port 25679 ssh2
Nov 2 17:55:20 host sshd[31017]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:55:22 host sshd[31026]: Invalid user oracle from 180.139.138.178
Nov 2 17:55:22 host sshd[31026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178
Nov 2 17:55:24 host sshd[31026]: Failed password for invalid user oracle from 180.139.138.178 port 25830 ssh2
Nov 2 17:55:24 host sshd[31033]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:55:26 host sshd[31047]: Invalid user nagios from 180.139.138.178
Nov 2 17:55:26 host sshd[31047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178
Nov 2 17:55:28 host sshd[31047]: Failed password for invalid user nagios from 180.139.138.178 port 25968 ssh2
Nov 2 17:55:28 host sshd[31050]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:55:30 host sshd[31063]: Invalid user nagios from 180.139.138.178
Nov 2 17:55:30 host sshd[31063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178
Nov 2 17:55:32 host sshd[31063]: Failed password for invalid user nagios from 180.139.138.178 port 26133 ssh2
Nov 2 17:55:33 host sshd[31066]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:55:35 host sshd[31083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178 user=postgres
Nov 2 17:55:36 host sshd[31083]: Failed password for postgres from 180.139.138.178 port 26285 ssh2
Nov 2 17:55:37 host sshd[31084]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:55:39 host sshd[31109]: Invalid user jboss from 180.139.138.178
Nov 2 17:55:39 host sshd[31109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178
Nov 2 17:55:41 host sshd[31109]: Failed password for invalid user jboss from 180.139.138.178 port 26434 ssh2
Nov 2 17:55:41 host sshd[31112]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:55:43 host sshd[31125]: Invalid user zabbix from 180.139.138.178
Nov 2 17:55:43 host sshd[31125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178
Nov 2 17:55:45 host sshd[31125]: Failed password for invalid user zabbix from 180.139.138.178 port 26590 ssh2
Nov 2 17:55:45 host sshd[31126]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:55:47 host sshd[31133]: Invalid user apotek from 180.139.138.178
Nov 2 17:55:47 host sshd[31133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178
Nov 2 17:55:49 host sshd[31133]: Failed password for invalid user apotek from 180.139.138.178 port 26747 ssh2
Nov 2 17:55:49 host sshd[31134]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:55:51 host sshd[31141]: Invalid user kassa from 180.139.138.178
Nov 2 17:55:51 host sshd[31141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178
Nov 2 17:55:54 host sshd[31141]: Failed password for invalid user kassa from 180.139.138.178 port 26895 ssh2
Nov 2 17:55:54 host sshd[31142]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:55:56 host sshd[31161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178 user=avahi
Nov 2 17:55:57 host sshd[31161]: Failed password for avahi from 180.139.138.178 port 27099 ssh2
Nov 2 17:55:58 host sshd[31162]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:56:00 host sshd[31179]: Invalid user db2inst1 from 180.139.138.178
Nov 2 17:56:00 host sshd[31179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178
Nov 2 17:56:01 host sshd[31179]: Failed password for invalid user db2inst1 from 180.139.138.178 port 27248 ssh2
Nov 2 17:56:01 host sshd[31181]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:56:03 host sshd[32134]: Invalid user ftpuser from 180.139.138.178
Nov 2 17:56:03 host sshd[32134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178
Nov 2 17:56:06 host sshd[32134]: Failed password for invalid user ftpuser from 180.139.138.178 port 27401 ssh2
Nov 2 17:56:06 host sshd[32137]: Received disconnect from 180.139.138.178: 11: Bye Bye
Nov 2 17:56:08 host sshd[32151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.139.138.178 user=game
Nov 2 17:56:10 host sshd[32151]: Failed password for game from 180.139.138.178 port 27578 ssh2
Nov 2 17:56:10 host sshd[32154]: Received disconnect from 180.139.138.178: 11: Bye Bye

If our server detects too many unsuccessful login attempts, the brute force lock will go into effect & will lock the accounts generally.

The number of attempts is actually increasing. Should I do anything? Or does it mean my server is secure?

^^^^
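Added example, not part of any post in the thread: one way to turn sshd lines in the format quoted above into a per-day, per-source summary that alerts only past the "more than 3 attempts per 10 minutes" threshold suggested earlier. The function names, the `year` parameter (syslog timestamps carry no year) and the sample lines are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "Failed password" lines in the sshd format quoted in the thread.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse_failures(lines, year):
    """Yield (timestamp, ip, user). Syslog omits the year, so the caller supplies it."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def summarize(lines, year, max_attempts=3, window=timedelta(minutes=10)):
    """One row per (day, source): attempt count, usernames tried, alert flag."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    summary = {}
    for ts, ip, user in sorted(parse_failures(lines, year)):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        row = summary.setdefault(
            (ts.date(), ip), {"attempts": 0, "users": set(), "alert": False})
        row["attempts"] += 1
        row["users"].add(user)
        if len(q) > max_attempts:  # "more than 3 attempts per 10 minutes"
            row["alert"] = True
    return summary

# Constructed sample lines (documentation addresses, not the thread's data).
SAMPLE = """\
Nov 2 09:00:00 host sshd[2001]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Nov 2 09:30:00 host sshd[2002]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Nov 2 17:55:20 host sshd[31016]: Failed password for invalid user oracle from 203.0.113.7 port 25679 ssh2
Nov 2 17:55:24 host sshd[31026]: Failed password for invalid user oracle from 203.0.113.7 port 25830 ssh2
Nov 2 17:55:28 host sshd[31047]: Failed password for invalid user nagios from 203.0.113.7 port 25968 ssh2
Nov 2 17:55:36 host sshd[31083]: Failed password for postgres from 203.0.113.7 port 26285 ssh2
Nov 2 17:55:37 host sshd[31084]: Received disconnect from 203.0.113.7: 11: Bye Bye
""".splitlines()

if __name__ == "__main__":
    for (day, ip), row in sorted(summarize(SAMPLE, year=2024).items()):
        flag = "ALERT" if row["alert"] else "ok"
        print(day, ip, row["attempts"], sorted(row["users"]), flag)
```

Two failures half an hour apart from one source stay below the threshold, while four failures within seconds from another raise a single alert row for the day instead of one e-mail per attempt.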